kb-find
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script `scripts/kb_loader.py` to index topics and retrieve structured metadata about knowledge bases.
- [DATA_EXPOSURE]: The helper script accesses the global configuration file at `~/.claude/knowledge-base/config.json` and explores the `.claude/agents/` directory to identify available knowledge sources and agent definitions. This access is consistent with the skill's intended purpose of knowledge base management.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted Markdown content across multiple tiers (Frontmatter, Table of Contents, and Full Read) without sanitization.
  - Ingestion points: Markdown files identified during discovery and the knowledge base configuration file `~/.claude/knowledge-base/config.json`.
  - Boundary markers: None. The instructions do not specify the use of delimiters or warnings to ignore embedded instructions within the knowledge base content.
  - Capability inventory: Execution of local scripts (`kb_loader.py`), file reading via agent tools, and directory traversal.
  - Sanitization: None. The content is extracted and presented to the agent context without escaping or validation.
Audit Metadata