konecty-meta-namespace

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a custom Python script (scripts/meta_namespace.py) to perform administrative updates to the Konecty platform's Namespace singleton via its REST API.
  • [PROMPT_INJECTION]: The skill ingests configuration data from a remote API and local JSON files, representing an indirect prompt injection surface.
      • Ingestion points: API response data processed in scripts/meta_namespace.py and local file input via the upsert command.
      • Boundary markers: No explicit delimiters are used to wrap or sanitize the data retrieved from the API before it is presented to the agent.
      • Capability inventory: The skill is capable of performing network GET/PUT requests and reading local files.
      • Sanitization: Data is parsed as JSON but lacks specific sanitization for natural language instructions.
  • [SAFE]: Authenticates using standard vendor-specific configuration files located in the user's home directory (~/.konecty/credentials). This behavior is consistent with the intended administrative use case and author context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 07:25 PM