kf-agent-research-report-only-unless-approved
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of malicious prompt injection found. The instructions are designed to restrict agent autonomy and ensure human-in-the-loop confirmation for file system changes.
- [DATA_EXFILTRATION]: No sensitive file paths or exfiltration patterns detected. The skill permits non-destructive operations like reading files and searching text, which are standard for research tasks.
- [COMMAND_EXECUTION]: The skill explicitly forbids destructive command execution (like git operations or dependency updates) without prior user consent.
- [REMOTE_CODE_EXECUTION]: No remote scripts, package installations, or dynamic code execution patterns are present.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided research requests (ingestion point). While it lacks specific boundary markers for external data, its core logic acts as a defensive measure by defaulting to a 'report-only' mode, significantly reducing the risk of accidental execution of instructions embedded in analyzed files.
Audit Metadata