kalopilot

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on scripts/pilot.sh to interface with the KaloPilot API. The agent is instructed to pass user-provided queries as arguments to this script. This introduces a risk of command injection if the agent fails to properly escape shell metacharacters (e.g., backticks, dollar signs) present in the user input.
  • [DATA_EXFILTRATION]: The skill manages a sensitive API token stored in ~/.kalopilot/token. While the instructions follow best practices by setting restrictive file permissions (chmod 600), the token is stored in plain text and is read by the helper script to be sent to the KaloPilot API endpoint (staging.kalodata.com). This is the intended functionality of the skill but involves handling sensitive credentials.
  • [EXTERNAL_DOWNLOADS]: The skill is installed from an external GitHub repository (github.com/sailtonight/kalopilot-skill). It also performs network requests to staging.kalodata.com and utilizes external services like Tavily for web searches, as documented in the utility references.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes data from external sources including TikTok, Shopee, Lazada, and general web results.
  • Ingestion points: The URL Lookup and Web Search tools described in references/utilities.md allow the agent to ingest content from arbitrary external websites and social media platforms.
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat the retrieved external content as untrusted or to ignore embedded instructions within that data.
  • Capability inventory: The skill has the capability to execute shell scripts (pilot.sh), perform network operations via curl, and write/modify local files (token management).
  • Sanitization: No sanitization, filtering, or validation steps are defined for the data returned from external URLs or search results before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 06:45 AM
Security Audit — agent-trust-hub — kalopilot