Skills
skills/cabinet-fe/cat-kit/cat-kit-fe/Gen Agent Trust Hub

cat-kit-fe

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill documents methods to access and modify browser cookies (cookie.get, cookie.getAll) and Web Storage (storage.local, storage.session). These mechanisms are the primary locations for storing session tokens, JWTs, and other sensitive authentication data.
  • [DATA_EXFILTRATION]: Provides the agent with capabilities to read from the system clipboard (clipboard.readText) and local files (readChunks). These tools serve as primitives for accessing private user information from the local environment.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by documenting data ingestion tools without providing safety guidelines for their use.
  • Ingestion points: System clipboard access via clipboard.readText() and local file reading via readChunks() in the web-api and file modules.
  • Boundary markers: The documentation lacks instructions for using delimiters or boundary markers to isolate ingested content from agent instructions.
  • Capability inventory: The skill provides significant write access to the browser environment, including cookie.set(), storage.set(), and clipboard.copy(), which could be abused by malicious instructions in ingested data.
  • Sanitization: There is no documentation or requirement for sanitizing, validating, or escaping data read from external sources before it is processed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 23, 2026, 02:22 PM