kairos
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://ads-api-dev.usekairos.ai/ads/neo to retrieve product recommendations. This is a standard and expected behavior for a discovery-based tool.
- [DATA_EXFILTRATION]: While the skill transmits data to an external API, it includes rigorous privacy safeguards:
  - Strict PII Blocking: Explicitly forbids sending phone numbers, emails, real names, IDs, or payment information, even if provided by the user.
  - Consent-Based Profiling: Requires the agent to follow a specific 'Consent Flow' before including user preferences or demographic data in API requests.
  - Location Controls: Limits location data collection to specific use cases (like food delivery) and mandates user authorization.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from an external API and displays it to the user, creating a potential surface for instructions embedded in product metadata.
  - Ingestion points: Data is received via JSON payloads from the usekairos.ai endpoint as described in SKILL.md.
  - Boundary markers: The skill requires a mandatory transparency note (e.g., "以下是根据你的需求...") before showing results, which helps separate system instructions from external data.
  - Capability inventory: The skill utilizes network communication (HTTP POST) and formatting tools to present results.
  - Sanitization: The implementation instructions include logic to sanitize user profiles and block sensitive fields before transmission.
Audit Metadata