kernel-profiles
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill explicitly includes a command
kernel profiles download --to profile.zipwhich extracts browser cookies, local storage, and session state. These are high-value targets for session hijacking. If an attacker can influence the agent to run this command, they can gain unauthorized access to any accounts logged into those browser profiles. - [Command Execution] (MEDIUM): The skill is designed to execute several shell commands via the
kernelCLI. While these are documented, they provide the agent with direct control over the host's browser profile directory, allowing for the deletion, modification, or extraction of user data. - [Indirect Prompt Injection] (LOW): The skill processes profile names and lists profile details. While the primary function is management, there is a minor surface where metadata from a maliciously named profile (e.g., if one is created by a website) could influence the agent's behavior when listing or describing profiles.
Recommendations
- AI detected serious security threats
Audit Metadata