kirby-upgrade-and-maintenance

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources that may contain instructions.
  • Ingestion points: Data is pulled from external upgrade guides via kirby:kirby_online and kirby:kirby_search, and from local pages via kirby:kirby_render_page.
  • Boundary markers: There are no delimiters or instructions provided to the agent to treat fetched content as data rather than instructions.
  • Capability inventory: The skill utilizes tools like kirby:kirby_runtime_install and executes project scripts found during audits, providing a path for execution of influenced logic.
  • Sanitization: There is no process described for sanitizing or validating the content retrieved from external or local sources before processing.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of system commands and project-specific scripts through tools like kirby:kirby_runtime_install and the processing of composer audit results. While intended for maintenance, these capabilities could be misused if the agent is influenced by malicious input.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 07:48 AM
Security Audit — agent-trust-hub — kirby-upgrade-and-maintenance