kirby-upgrade-and-maintenance
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources that may contain instructions.
- Ingestion points: Data is pulled from external upgrade guides via
kirby:kirby_onlineandkirby:kirby_search, and from local pages viakirby:kirby_render_page. - Boundary markers: There are no delimiters or instructions provided to the agent to treat fetched content as data rather than instructions.
- Capability inventory: The skill utilizes tools like
kirby:kirby_runtime_installand executes project scripts found during audits, providing a path for execution of influenced logic. - Sanitization: There is no process described for sanitizing or validating the content retrieved from external or local sources before processing.
- [COMMAND_EXECUTION]: The skill facilitates the execution of system commands and project-specific scripts through tools like
kirby:kirby_runtime_installand the processing of composer audit results. While intended for maintenance, these capabilities could be misused if the agent is influenced by malicious input.
Audit Metadata