bakong-khqr
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard NPM packages bakong-khqr and ts-khqr. These are relevant to the primary purpose of KHQR integration and do not use suspicious installation methods like piped shell scripts.
- [DATA_EXFILTRATION] (SAFE): Communication is directed to official Bakong infrastructure (api-bakong.nbc.org.kh). There are no patterns suggesting exfiltration of sensitive files or credentials to unknown domains.
- [PROMPT_INJECTION] (SAFE): No instructions were found that attempt to subvert the agent's behavior, extract system prompts, or bypass safety protocols.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines a surface for processing untrusted data (KHQR strings and API responses). Although this presents a theoretical attack surface, it is consistent with the skill's utility and the risk is mitigated by recommended validation steps.
  - Ingestion points: references/khqr-sdk.md (QR decoding) and references/open-api.md (API response processing).
  - Boundary markers: Not explicitly defined in the reference snippets, though the data is handled as structured JSON.
  - Capability inventory: Includes network operations for transaction status checks.
  - Sanitization: The documentation explicitly recommends using BakongKHQR.verify to validate inputs before processing.
Audit Metadata