
kaggle

Status: Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Persistence Mechanisms (MEDIUM): The modules/badge-collector/scripts/phase_5_streaks.py script generates a bash script (daily_streak.sh) and provides the user with platform-specific instructions to install it as a scheduled task using cron (Linux) or launchd (macOS). While the installation requires manual user intervention, this design is intended to maintain long-term, automated activity on the Kaggle platform.
  • Dynamic Execution (MEDIUM): The skill employs several dynamic execution patterns to facilitate its modularity and automation goals:
      • modules/badge-collector/scripts/orchestrator.py uses the __import__ function to dynamically load phase-specific logic based on runtime arguments.
      • modules/badge-collector/scripts/phase_5_streaks.py programmatically assembles and writes a shell script to disk for later execution.
      • Multiple scripts use subprocess.run to execute dynamically constructed CLI commands for the kaggle tool.
  • Indirect Prompt Injection (LOW): The modules/comp-report/ module facilitates a workflow that ingests untrusted data from an external source.
      • Ingestion points: Competition overview pages, evaluation metrics, and solution writeup links are scraped from https://www.kaggle.com using Playwright tools.
      • Boundary markers: Scraped content is interpolated into Markdown reports. There are no explicit boundary markers or instructions to the agent to ignore potentially malicious content embedded in competition titles or descriptions.
      • Capability inventory: The skill possesses significant capabilities, including network access, file system modification, and the ability to execute code on the Kaggle Kernel Backend (KKB).
      • Sanitization: No explicit sanitization or validation of the scraped HTML/text content was found before it is included in the generated reports.
  • Remote Code Execution (SAFE): The skill facilitates remote code execution via kaggle kernels push. This is a standard feature of the Kaggle platform (KKB) and is used here as intended to execute data science notebooks in a sandboxed environment.
  • Credential Management (SAFE): The registration and credential-checking modules (modules/registration/, shared/check_all_credentials.py) follow security best practices. They use chmod 600 to secure the ~/.kaggle/kaggle.json file and implement masking to ensure that API keys are never printed in plain text to the console or logs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:21 PM