kata-insert-phase
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface exists as the skill reads and processes content from .planning/ROADMAP.md and .planning/STATE.md to determine where to insert new phases.
  - Ingestion points: .planning/ROADMAP.md and .planning/STATE.md.
  - Boundary markers: Absent; the skill relies on Markdown header structures (e.g., `### Phase N:`) to parse and locate insertion points.
  - Capability inventory: File system modification (updates to ROADMAP.md and STATE.md), directory creation (`mkdir -p`), and execution of local scripts via node and bash.
  - Sanitization: No explicit delimiters or sanitization steps are defined to prevent the agent from obeying instructions that might be embedded within the project roadmap files.
- [COMMAND_EXECUTION]: The skill uses bash and node to execute logic and validate state.
  - Argument parsing and slug generation are performed using bash utilities such as echo, tr, and sed.
  - Executes a local script (`node scripts/kata-lib.cjs`) to check the roadmap format and conditionally triggers the 'kata-doctor' skill.
Audit Metadata