kata-track-progress

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands (bash) to interact with the local file system, verifying directory structures and counting files using tools like find, wc, and grep.
  • [COMMAND_EXECUTION]: It interacts with the GitHub CLI (gh) to fetch Pull Request status, including titles, numbers, and states (draft, merged, open) for the current branch.
  • [COMMAND_EXECUTION]: The skill executes a local script scripts/kata-lib.cjs using Node.js to perform roadmap validation and configuration reading.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it ingests and summarizes untrusted data from project files and source code.
      • Ingestion points: Project management files (e.g., STATE.md, ROADMAP.md, SUMMARY.md) and the entire codebase during mapping.
      • Boundary markers: Uses markdown headers and code blocks to separate file content, but lacks explicit "ignore embedded instructions" warnings for the agent.
      • Capability inventory: Access to shell execution (bash), file system read/write, and the ability to invoke other skills like kata-doctor.
      • Sanitization: No explicit sanitization or filtering of external content is mentioned before it is processed and presented in reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 11:59 AM