unikraft
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the use of the kraft CLI for various system-level operations, including building unikernels, managing machine networks, and handling persistent volumes. It includes a specific safety instruction requiring the agent to show the commands and ask for permission before running them.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it involves processing untrusted project data.
  - Ingestion points: The agent is instructed to read the project's Kraftfile, Dockerfile.server, and .env.github files from the repository root.
  - Boundary markers: The instructions do not define specific delimiters to separate configuration data from potentially malicious instructions embedded in those files.
  - Capability inventory: The agent has access to the full suite of kraft CLI commands, including local process management and cloud deployment capabilities.
  - Sanitization: No explicit sanitization or validation of the configuration file content is mentioned prior to the agent using the data.
- [EXTERNAL_DOWNLOADS]: The skill references documentation from unikraft.org and example repositories from the unikraft-cloud GitHub organization. These are recognized as legitimate, well-known resources for the Unikraft project.