kernel-cli
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE)
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The documentation for SSH access in `browser-management.md` explicitly demonstrates using a local private SSH key path `~/.ssh/id_ed25519` with the `-i` flag.
- [Privilege Escalation] (HIGH): The `process-execution.md` reference describes how to execute commands with root privileges using the `--as-root` flag.
- [Command Execution] (MEDIUM): The skill facilitates arbitrary command execution inside remote VMs via `kernel browsers process exec` and `kernel browsers process spawn`.
- [Indirect Prompt Injection] (LOW): The skill has a large attack surface as it processes untrusted web data using a browser and has powerful capabilities.
  1. Ingestion: `kernel browsers` (`browser-management.md`).
  2. Boundaries: None.
  3. Capabilities: exec, spawn, fs, deploy.
  4. Sanitization: None mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata