gkg
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Bun-based CLI script (`gkg.ts`) to interact with a local Model Context Protocol server at http://127.0.0.1:27495/mcp. This allows the agent to execute structural analysis and symbol searches on the local filesystem.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) because it retrieves raw source code implementation details.
  - Ingestion points: File content is read via the `read-definitions` command in `scripts/gkg.ts`.
  - Boundary markers: No explicit delimiters or instructions are added to the retrieved code to prevent the agent from obeying embedded comments.
  - Capability inventory: The skill can read any file within a project path specified by the agent using `read-definitions`, `get-references`, and `repo-map`.
  - Sanitization: No sanitization or filtering is performed on the retrieved source code before it is passed to the agent.
Audit Metadata