Keboola Configuration
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely documentation-based, providing information on project structures and JSON formats. It does not include any executable scripts, binary files, or network-enabled tools.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill identifies the existence of sensitive files like .env.local (used for API tokens) and correctly instructs users to exclude them from version control, representing a positive security practice.
- [INDIRECT_PROMPT_INJECTION]: The skill describes how an agent might process external configuration files (config.json, meta.json), which are ingestion points for potentially untrusted data. However, since the skill provides no functional code or tool capabilities, there is no execution path or risk.
  1. Ingestion points: config.json, meta.json, .keboola/manifest.json.
  2. Boundary markers: Absent.
  3. Capability inventory: None.
  4. Sanitization: Absent.