Skills
skills/kernel/skills/diff-profile-archives/Gen Agent Trust Hub

diff-profile-archives

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches profile archives from the Kernel platform using the command kernel profiles download <A> --pretty --to a/profile.zip.
  • [COMMAND_EXECUTION]: The workflow utilizes system utilities including sqlite3 for querying browser databases, strings for inspecting LevelDB storage, and zstd/tar for archive extraction.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and interprets untrusted data from browser profiles (e.g., cookie names, storage values, and analytics events) which could be manipulated by malicious websites to influence the agent's synthesis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 09:09 PM