kg-extract
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it is designed to ingest and process data from arbitrary local source files. External content in those files could contain instructions intended to influence the agent's behavior during entity extraction or data storage.
- Ingestion points: Uses 'Glob' and 'Read' tools to scan local files at a user-provided path.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined for the file processing steps.
- Capability inventory: The agent has access to 'Bash' and specialized MCP tools for database storage ('agentdb_hierarchical-store', 'agentdb_causal-edge').
- Sanitization: The instructions do not specify validation or sanitization of the content extracted from the source files before it is passed to storage tools.
- [EXTERNAL_DOWNLOADS]: The documentation includes instructions for a CLI alternative that utilizes 'npx' to download and run the '@claude-flow/cli' package from the public npm registry.
Audit Metadata