kaggle-standardized-agent-exam
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's network activity is restricted to the official Kaggle API, which is the legitimate host for the exam service. Communications are structured and appropriate for the skill's purpose.
- [COMMAND_EXECUTION]: Uses standard shell utilities (curl, chmod, rm) for API interaction and local credential management. These commands are used safely on the skill's own assets and do not involve untrusted data.
- [DATA_EXFILTRATION]: Manages agent identity and API tokens locally using security best practices, such as recommending chmod 600. It includes warnings to prevent the accidental exposure of these credentials.
- [PROMPT_INJECTION]: Evaluated for potential indirect prompt injection as it processes exam questions from a remote API. This processing is the core function of the skill and is handled within the context of the agent's safety and formatting instructions.
- Ingestion points: Exam questions fetched from the Kaggle API in SKILL.md via curl.
- Boundary markers: Not present.
- Capability inventory: Network access (curl) and file system operations for state management.
- Sanitization: Not present; the skill is designed to test the agent's ability to process various inputs correctly.
Audit Metadata