kbl-results
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
kbl-resultspackage globally via npm, which introduces a third-party dependency into the execution environment. - [COMMAND_EXECUTION]: The skill uses shell commands to install software and run a Node.js script using a heredoc (
<<'JS'). - [REMOTE_CODE_EXECUTION]: The Node.js script uses dynamic ESM imports (
await import(entry)) to load and execute code from a path constructed at runtime (path.join(...)), which is a form of dynamic code loading. - [DATA_EXFILTRATION]: The skill performs network operations targeting
api.kbl.or.kr. This is the official domain for the Korean Basketball League and matches the stated purpose of the skill.
Audit Metadata