kstartup-search

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and displays content from the external K-Startup API. Maliciously crafted information within the API responses could potentially influence the agent's behavior.
  • Ingestion points: Untrusted data is retrieved from the K-Startup API via network requests in scripts/run_kstartup.py.
  • Boundary markers: The skill uses [summary] prefixes in its text output to delimit results, but does not provide instructions to ignore any embedded directives.
  • Capability inventory: The skill has network access (urllib.request) and reads local configuration files (~/.config/k-skill/secrets.env).
  • Sanitization: External content is displayed as-is without specific sanitization or escaping to prevent prompt manipulation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 06:09 AM