kbo-results
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
kbo-gamenpm package from the public registry usingnpm install -gto perform its primary function. - [COMMAND_EXECUTION]: Shell commands are used to check for global package installation and execute an inline Node.js script that imports the package to fetch data.
- [PROMPT_INJECTION]: The skill processes external sports data retrieved via the npm package. While this data enters the agent context (Category 8 surface), the skill is designed for information retrieval and does not expose dangerous capabilities that could be exploited via indirect injection.
Audit Metadata