yebigun-training

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses and processes sensitive military personal identifiable information (PII), including military service numbers, names, ranks, and Social Security Number prefixes. This data is extracted from the reserve forces portal and provided to the agent context. Additionally, the skill writes this data to a local history file located at ~/.cache/k-skill/yebigun-training/history.json.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface. Through the view --menu myQna command, it ingests untrusted third-party content from a public board into the agent's context.
  • Ingestion points: The myQna menu in SKILL.md reads a public board containing content from other users.
  • Boundary markers: No explicit markers or instructions to ignore embedded commands are documented for the scraped data.
  • Capability inventory: The skill uses subprocess execution via node cli.js and performs local file writes to history.json.
  • Sanitization: No specific sanitization or filtering of the external forum content is mentioned.
  • [COMMAND_EXECUTION]: The operational workflow relies on executing local JavaScript tools using Node.js (e.g., node packages/yebigun-training/src/cli.js). These scripts are responsible for browser session hijacking via CDP, parsing DOM structures, and managing local storage.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 05:27 AM
Security Audit — agent-trust-hub — yebigun-training