bkit-rules

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by processing untrusted data (user task descriptions and project file structures) to automatically classify project levels and trigger subsequent agent actions.
  • Ingestion points: User requests (e.g., "Add login", "Save data") and project file paths/contents (SKILL.md).
  • Boundary markers: Absent; the skill relies on keyword matching and the presence of specific directories without explicit delimiters for untrusted content.
  • Capability inventory: Automatically invokes specialized agents (e.g., bkit:code-analyzer, bkit:qa-monitor, bkit:report-generator) based on detected triggers.
  • Sanitization: No sanitization or validation of the input strings or file path metadata is described.
  • [COMMAND_EXECUTION]: The skill includes documentation recommending the configuration of broad wildcard permissions (Bash(npm *), Bash(node *), Bash(npx *)) in the environment's settings. While intended for development convenience, this encourages a security posture that allows the agent to execute arbitrary commands through those binaries.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 10:30 AM