control
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [PRIVILEGE_ESCALATION]: The skill manages the agent's autonomy level. It explicitly implements a security gate requiring user confirmation via the 'AskUserQuestion' tool when escalating to higher automation levels (L3-L4), which prevents the agent from assuming high autonomy without oversight.
- [DATA_EXFILTRATION]: While the skill reads sensitive-looking configuration files in the '.bkit/' directory, it does not use any network-enabled tools or demonstrate patterns of sending data to external endpoints.
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to update local state and audit logs. The execution is limited to predefined logic for state management and does not allow for arbitrary command injection or remote script execution.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local JSON files ('.bkit/runtime/control-state.json'). This represents an attack surface for indirect injection if these files are modified by an external process. However, the skill validates the 'level' input (0-4) and uses manual approval gates for state changes, effectively mitigating the risk of the agent being misdirected by malicious state data.
Audit Metadata