kweaver-core
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install a global Node.js package 'kweaver-caller' from the NPM registry to enable its functionality.
- [COMMAND_EXECUTION]: The entire skill is built around executing local CLI commands ('kweaverc') to interact with the KWeaver platform, including managing resources and executing actions.
- [CREDENTIALS_UNSAFE]: The skill documentation describes managing authentication tokens via commands like 'kweaverc token' and 'kweaverc auth', which involve handling sensitive OAuth credentials.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
- Ingestion points: Data is ingested through 'kweaverc context-loader kn-search' and 'kweaverc bkn object-type query' (detailed in references/context-loader.md and references/bkn.md).
- Boundary markers: No explicit instructions are provided to the agent to treat retrieved knowledge data as untrusted or to ignore embedded instructions within that data.
- Capability inventory: The skill has the capability to execute state-changing actions via 'kweaverc bkn action-type execute', as well as resource management via 'create', 'update', and 'delete' commands (detailed in references/bkn.md).
- Sanitization: There is no evidence of sanitization or validation of the content retrieved from the Business Knowledge Network before it is used to influence further agent actions.
Audit Metadata