kweaver-core
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `kweaver` CLI tool via shell commands to perform administrative tasks on the platform, such as managing knowledge networks, agents, and data sources.
- [EXTERNAL_DOWNLOADS]: The skill instructions include installing vendor-related Node.js packages like `@kweaver-ai/kweaver-sdk` and `playwright` via npm, as well as downloading and installing platform-specific extension packages using the `kweaver skill install` command.
- [CREDENTIALS_UNSAFE]: The skill manages authentication tokens and database passwords. Commands like `kweaver auth export`, `kweaver token`, and `kweaver ds connect` involve printing or inputting sensitive credentials that could be exposed in command history or console output.
- [DATA_EXFILTRATION]: The `kweaver call` (alias `kweaver curl`) command allows the agent to make network requests to arbitrary paths. This functionality could be used to transmit internal identifiers or authentication headers to external endpoints.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it processes untrusted data from multiple sources.
  - Ingestion points: Data enters the context via `kweaver agent chat` (conversation history), `kweaver bkn search` (search results), `kweaver ds import-csv` (external files), and `kweaver dataview query` (database records).
  - Boundary markers: No explicit markers are used to delimit untrusted content within the instructions.
  - Capability inventory: The skill can execute shell commands and perform network requests via the restricted `kweaver` CLI.
  - Sanitization: There is no mention of sanitizing or validating data retrieved from the knowledge network or external sources before it is processed by the agent.
Audit Metadata