kanban-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): Indirect prompt injection surface detected via file ingestion.
- Ingestion points: The agent reads and parses content from
KANBAN.mdin the current working directory across several operations (Add, Move, View, Archive, Review). - Boundary markers: None are present; the skill instructions do not specify delimiters to separate task data from instructions.
- Capability inventory: The skill is limited to reading and writing local files (specifically
KANBAN.mdand templates). - Sanitization: No validation or sanitization is performed on the card titles or descriptions before they are processed by the agent.
Audit Metadata