kata-map-codebase
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Git CLI commands (
git ls-files,git diff,git rev-parse,git commit) to determine the project state and commit generated documentation to the repository. - [COMMAND_EXECUTION]: The orchestrator runs local Node.js scripts (
scripts/generate-intel.jsandscripts/scan-codebase.cjs) to aggregate findings and extract structural information from the codebase. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads and processes the content of arbitrary source code files within the project.
- [PROMPT_INJECTION]: 1. Ingestion points: Source code files and generated documentation in '.planning/codebase/'. 2. Boundary markers: No explicit delimiters or instructions are used to separate untrusted code content from agent instructions. 3. Capability inventory: File system read/write, Git CLI execution, and local Node.js execution. 4. Sanitization: The 'scan-codebase.cjs' script strips comments from source code before performing regex-based extraction of imports and exports, providing a basic defense against instructions hidden in comments.
Audit Metadata