kapso-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill frequently executes local JavaScript files using the 'node' command. This pattern creates a significant attack surface if arguments or referenced files are influenced by untrusted data.
- [REMOTE_CODE_EXECUTION] (HIGH): The ability to create and deploy functions ('create-function.js', 'deploy-function.js') allows an agent to inject and execute arbitrary code into a production runtime environment.
- [DATA_EXFILTRATION] (MEDIUM): Database CRUD operations ('query-rows.js') and metadata listing tools provide a pathway for sensitive data access and extraction.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to indirect prompt injection due to its powerful write/execute capabilities.
  1. Ingestion points: Untrusted data enters via '--definition-file' and '--code-file' arguments in scripts like 'update-graph.js' and 'create-function.js'.
  2. Boundary markers: None identified; there are no clear delimiters to prevent the agent from obeying instructions embedded in the code or graph definitions.
  3. Capability inventory: Includes arbitrary Node.js script execution, remote function deployment, and full database access.
  4. Sanitization: No evidence of sanitization or validation of the provided code or schemas.
Recommendations
- AI detected serious security threats
Audit Metadata