kit-extensions
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation provides examples for using the 'os/exec' package to spawn subprocesses and execute shell commands. Specifically, the 'Background Processing' pattern demonstrates executing 'sh -c args' where 'args' are passed directly from a slash command without sanitization.
- [PROMPT_INJECTION]: The skill outlines an indirect prompt injection surface. Ingestion points include user-provided slash command arguments and external file content (e.g., '.kit/context.md'). The capability inventory includes 'ctx.SendMessage' and 'BeforeAgentStartResult' for prompt modification. Boundary markers and sanitization are absent in the provided code patterns, creating a vulnerability surface where untrusted data can influence agent instructions.
- [DATA_EXFILTRATION]: Documents APIs such as 'ctx.GetSessionPath()' and 'ctx.GetEntries()' that expose the filesystem location of session JSONL files and allow retrieval of persistent session data.
- [REMOTE_CODE_EXECUTION]: Explains the framework's design for runtime interpretation of Go source files via the Yaegi engine, facilitating the dynamic execution of extension code within the agent's environment.
Audit Metadata