kaggle
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user-generated content (competition descriptions and solution writeups) from Kaggle. It effectively mitigates injection risks by wrapping this data in <untrusted-content> boundary markers and providing explicit instructions to the agent to treat the content as data rather than directives.
- [COMMAND_EXECUTION]: Several scripts utilize subprocess.run() to interface with the official Kaggle CLI and curl. This is legitimate behavior for a tool-wrapper skill and is used for platform interactions and API calls to official Kaggle infrastructure.
- [CREDENTIALS_SAFE]: The skill manages sensitive Kaggle API tokens. It includes a dedicated credential checker that enforces secure file permissions (chmod 600) and masks tokens in terminal output to prevent accidental exposure.
- [PERSISTENCE]: While the badge collector module includes a streak automation feature, it does not automatically install persistence mechanisms like cron jobs. It generates a local helper script and provides manual scheduling instructions for the user, maintaining full user control over system modifications.
Audit Metadata