klisk-guide
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The guide instructs users to install the 'klisk' framework and its associated extras from PyPI. It also recommends installing official Google authentication libraries such as 'google-auth', 'google-api-python-client', and 'google-auth-oauthlib'.
- [REMOTE_CODE_EXECUTION]: Instructions are provided for installing the Google Cloud SDK using a piped shell command ('curl https://sdk.cloud.google.com | bash'). This is an official installation method from a well-known, trusted service.
- [PROMPT_INJECTION]: The skill documents the creation of agents that process untrusted data from user messages, file attachments (PDFs, images), and external Google services (Gmail, Calendar). This establishes an indirect prompt injection surface. Ingestion points include direct CLI input and REST/WebSocket API messages. Capability inventory includes custom tool execution, sandboxed code interpretation (via OpenAI), and network access for API integrations. The documentation does not explicitly detail boundary markers or specific sanitization routines for handling these external inputs.
Audit Metadata