openkakao-cli
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The tool supports a
--hook-cmdflag that executes arbitrary shell commands whenever a message is received. This allows for local execution of logic based on external inputs. - [DATA_EXFILTRATION]: The tool includes a
--webhook-urlflag that allows the agent to send chat messages and related data to external HTTP endpoints. - [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install a binary from a third-party Homebrew tap managed by the author.
- [CREDENTIALS_UNSAFE]: The tool accesses and manages sensitive authentication tokens and KakaoTalk session data stored in local databases and configuration files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes live chat data from external sources that could contain malicious instructions designed to exploit the tool's command execution and network capabilities. Ingestion points:
SKILL.md(viawatchandloco-read). Boundary markers: Absent. Capability inventory:openkakao-rs(shell),brew(install),curl/wget(webhooks). Sanitization: Absent/Not documented for hook commands.
Audit Metadata