kweaver-core
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Authentication credentials such as passwords and user accounts are passed as plaintext command-line arguments (e.g., `--password`, `-u`, `-p`), which can lead to exposure in command history or process monitoring logs.
- [CREDENTIALS_UNSAFE]: The skill stores sensitive authentication tokens in the local `~/.kweaver/` directory.
- [COMMAND_EXECUTION]: Broad command execution capabilities are provided through the `kweaver` CLI, allowing for extensive management of knowledge networks, agents, and data sources.
- [DATA_EXFILTRATION]: The `kweaver call` and `kweaver curl` commands allow the agent to perform arbitrary HTTP requests to any URL, which could be used for data exfiltration.
- [EXTERNAL_DOWNLOADS]: The skill downloads the `@kweaver-ai/kweaver-sdk` and `playwright` packages from official registries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources like databases and CSV files. Ingestion points: Data retrieved via `kweaver bkn object-type query`, `kweaver ds tables`, and `kweaver vega catalog resources` (documented in SKILL.md and reference files). Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation. Capability inventory: The agent can execute any `kweaver` CLI command via Bash. Sanitization: There is no evidence of sanitization or validation of the data retrieved from external systems before it is processed by the agent.
Audit Metadata