Skills
skills/konecty/skills/konecty-meta-view/Gen Agent Trust Hub

konecty-meta-view

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script reads sensitive authentication data from specific local files. \n
  • Evidence: Accesses ~/.konecty/.env and ~/.konecty/credentials to retrieve KONECTY_URL and KONECTY_TOKEN. \n
  • Context: These are vendor-specific configuration paths used for legitimate authentication to the Konecty platform.\n- [EXTERNAL_DOWNLOADS]: The skill performs authenticated network requests to interact with the Konecty administrative API. \n
  • Evidence: Uses the urllib.request module to send GET and PUT requests to /api/admin/meta. \n
  • Context: Required to fetch, list, and update metadata definitions as described in the skill documentation.\n- [PROMPT_INJECTION]: The skill processes external data, creating an attack surface for indirect prompt injection. \n
  • Ingestion points: Data enters the agent context through JSON files provided via the --file argument in scripts/meta_view.py and through responses from the Konecty API. \n
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt instructions. \n
  • Capability inventory: The skill has the ability to read local files and perform authenticated network write operations (PUT) to the Konecty API. \n
  • Sanitization: The ingested content is parsed as JSON but does not undergo validation or sanitization before being processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 07:25 PM