
kool-cli

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill exposes the kool exec and kool docker commands, which allow for arbitrary command execution inside containers. This is a high-risk capability that could be abused if the agent is prompted to execute untrusted input.
  • REMOTE_CODE_EXECUTION (MEDIUM): The kool run command executes scripts defined in a local kool.yml file. An attacker could potentially achieve code execution by providing a repository with a malicious kool.yml that the agent is then induced to run.
  • INDIRECT_PROMPT_INJECTION (LOW):
      • Ingestion points: Local configuration files kool.yml and docker-compose.yml (specified in SKILL.md).
      • Boundary markers: None. The skill implicitly trusts the content of these files in the working directory.
      • Capability inventory: Execution of shell commands and container-based commands via kool exec, kool docker, and kool run (specified in SKILL.md).
      • Sanitization: No evidence of script validation or command sanitization prior to execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:35 PM