kitty
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill facilitates the ingestion of untrusted data from terminal buffers which could contain malicious instructions.
- Ingestion points: The
kitten @ get-textcommand allows the agent to read visible text or scrollback buffers from any Kitty window (SKILL.md). - Boundary markers: Absent. The instructions do not provide delimiters or warnings to treat terminal output as untrusted data.
- Capability inventory: The skill allows for arbitrary command execution via
kitten @ launchandkitten @ send-text(SKILL.md). - Sanitization: Absent. There is no evidence of filtering or sanitizing the text retrieved from terminal windows before processing.
- [Command Execution] (SAFE): The skill is explicitly designed to manage terminal processes using
kitten @commands. While this allows arbitrary command execution, it is the primary and stated purpose of the skill.
Audit Metadata