konecty-meta-read
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script
scripts/meta_read.pyreads sensitive administrative credentials from~/.konecty/.envand~/.konecty/credentialsto authenticate API requests. - [DATA_EXFILTRATION]: The skill facilitates the retrieval of system-level metadata objects. As documented in
references/meta-schemas.md, thenamespacemetadata type can expose infrastructure secrets, including SMTP (Simple Mail Transfer Protocol) credentials and RabbitMQ connection strings containing plaintext passwords. - [CREDENTIALS_UNSAFE]: The documentation file
references/meta-schemas.mdcontains hardcoded example credentials, including an AWS access key pattern (AKIA...) and RabbitMQ URIs containing plaintext passwords (amqp://user:pass@host:5672). - [PROMPT_INJECTION]: The skill ingests JavaScript hook code from the Konecty API (ingestion point:
scripts/meta_read.py). Boundary markers are absent in the prompt interpolation. The capability inventory indicates no command execution or file-write functions in the skill scripts. Sanitization of the retrieved code is absent, creating a surface for indirect prompt injection if the agent interprets the hook code as instructions.
Audit Metadata