yebigun-training
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses and processes sensitive military personal identifiable information (PII), including military service numbers, names, ranks, and Social Security Number prefixes. This data is extracted from the reserve forces portal and provided to the agent context. Additionally, the skill writes this data to a local history file located at
~/.cache/k-skill/yebigun-training/history.json. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface. Through the
view --menu myQnacommand, it ingests untrusted third-party content from a public board into the agent's context. - Ingestion points: The
myQnamenu inSKILL.mdreads a public board containing content from other users. - Boundary markers: No explicit markers or instructions to ignore embedded commands are documented for the scraped data.
- Capability inventory: The skill uses subprocess execution via
node cli.jsand performs local file writes tohistory.json. - Sanitization: No specific sanitization or filtering of the external forum content is mentioned.
- [COMMAND_EXECUTION]: The operational workflow relies on executing local JavaScript tools using Node.js (e.g.,
node packages/yebigun-training/src/cli.js). These scripts are responsible for browser session hijacking via CDP, parsing DOM structures, and managing local storage.
Audit Metadata