bkend-storage

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill lists Bash as an allowed tool, which permits the execution of arbitrary shell commands. While often used for legitimate development tasks, this capability increases the impact of potential instruction overrides.
  • [EXTERNAL_DOWNLOADS]: The skill references multiple documentation files hosted on the author's official GitHub repository (github.com/popup-studio-ai/bkend-docs). These are vendor-owned resources and are documented neutrally as intended functionality.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to fetch and follow instructions from external documentation.
      • Ingestion points: Documentation URLs such as https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/en/storage/01-overview.md.
      • Boundary markers: The skill does not define explicit delimiters or instructions to ignore potential commands embedded in the external content.
      • Capability inventory: The agent has access to Bash and mcp__bkend__* tools, which could be misused if malicious instructions were injected into the documentation source.
      • Sanitization: No evidence of sanitization or validation of the content retrieved via the referenced URLs is provided.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 06:04 PM