auto-k-mcp

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE

Finding categories: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests raw, potentially untrusted documents (notes, research, briefs) through the source tool to build a knowledge graph. This data is later retrieved and used to generate PRDs, technical designs, and agent-ready task specifications. There is a risk of indirect prompt injection if these source documents contain malicious instructions intended to manipulate the agent's output or behavior.
  • Ingestion points: The source(action="create") tool used to import files like brief.md into the active project (SKILL.md).
  • Boundary markers: Absent; instructions do not provide delimiters or clear directives to the agent to treat ingested source content as data rather than instructions.
  • Capability inventory: The skill can mutate graph state (create_nodes, edit_node), export tasks to external repositories (export_to_github), and create implementation briefings for other agents (get_task_spec).
  • Sanitization: Absent; the workflow lacks explicit validation or filtering steps for content provided in source documents.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 04:27 PM
Security Audit — agent-trust-hub — auto-k-mcp