bkn-creator
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation includes a hardcoded initial password used for authentication workflows.
  - Evidence: The value '401001017' is specified as the initial password in 'internal/bkn-kweaver/SKILL.md' and 'internal/bkn-kweaver/references/auth.md'.
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection because it processes untrusted external data to generate core business logic and rules.
  - Ingestion points: Business documentation and PRDs are ingested via the 'source_text' parameter in 'internal/bkn-extract/SKILL.md' and the 'prd_content' parameter in 'internal/_plugins/bkn-rules/SKILL.md'.
  - Boundary markers: There are no explicit instructions or delimiters defined in the prompt templates to isolate untrusted content from the agent's instructions.
  - Capability inventory: The skill possesses extensive capabilities, including shell command execution via the 'kweaver' CLI ('internal/bkn-kweaver/SKILL.md') and local file system modifications ('internal/bkn-archive/SKILL.md', 'internal/bkn-backfill/SKILL.md').
  - Sanitization: No sanitization or validation of the ingested text is performed before it is processed by the extraction logic.
- [COMMAND_EXECUTION]: The skill architecture is built on the execution of the 'kweaver' CLI for all platform-level operations, including knowledge network creation, authentication, and data source management.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to install external software at runtime. Specifically, it recommends the installation of the '@kweaver-ai/kweaver-sdk' package from the NPM registry as documented in 'internal/bkn-kweaver/SKILL.md'.
- [DATA_EXFILTRATION]: The skill provides the agent with a 'call' utility ('kweaver call') that allows making arbitrary HTTP requests to external URLs, which could be leveraged for data exfiltration if the agent is compromised by malicious input.
Recommendations
- AI detected serious security threats
Audit Metadata