kata-doctor
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill operates locally on project metadata and follows the principle of least privilege.
- [COMMAND_EXECUTION]: Employs standard system utilities (
mv,ls,grep,git) and project-specific helper scripts (scripts/kata-lib.cjs) to maintain project structure. The script logic demonstrates defensive programming by sanitizing inputs from parsed files (e.g., usingtr -cd 'a-z0-9-'on phase names) before using them in shell commands to prevent injection. - [DATA_EXFILTRATION]: The skill does not perform any network operations or access sensitive user credentials. Its scope is limited to the
.planning/directory and its associated metadata files.
Audit Metadata