kstartup-search
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and displays content from the external K-Startup API. Maliciously crafted information within the API responses could potentially influence the agent's behavior.
- Ingestion points: Untrusted data is retrieved from the K-Startup API via network requests in
scripts/run_kstartup.py. - Boundary markers: The skill uses
[summary]prefixes in its text output to delimit results, but does not provide instructions to ignore any embedded directives. - Capability inventory: The skill has network access (
urllib.request) and reads local configuration files (~/.config/k-skill/secrets.env). - Sanitization: External content is displayed as-is without specific sanitization or escaping to prevent prompt manipulation.
Audit Metadata