kmsg
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/install.shscript downloads a binary file from a non-trusted GitHub repository (github.com/channprj). The binary is downloaded directly usingcurlto a local bin directory. - [REMOTE_CODE_EXECUTION]: The installation script sets executable permissions on the downloaded binary and immediately executes it (
kmsg --version). This pattern of downloading and running arbitrary binaries from the internet bypasses standard security vetting and can lead to system compromise. - [COMMAND_EXECUTION]: The skill uses
osascriptto run complex AppleScripts that interact with the system's Accessibility API to control the KakaoTalk UI. It also modifies the user's shell configuration (~/.zshrc) to persist changes to the systemPATHenvironment variable. - [PROMPT_INJECTION]: The skill processes untrusted chat message data which could contain malicious instructions for the agent.
- Ingestion points: Reads chat history from KakaoTalk via the
kmsg readcommand and thekmsg_readMCP tool. - Boundary markers: Absent; there are no specific markers or instructions to ignore commands within the message body.
- Capability inventory: The skill provides commands to send messages (
kmsg send) and perform UI-based automation through AppleScript. - Sanitization: Absent; the skill does not appear to sanitize or validate the content of retrieved messages before presenting them to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata