kata-add-phase
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external issue files (via the --issue flag) and interpolates the 'title' field directly into the ROADMAP.md and STATE.md files. This creates a surface where malicious instructions in an issue file could be introduced into the project's planning context.
  - Ingestion points: External Markdown files located in .planning/issues/open/.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating the issue title into the roadmap.
  - Capability inventory: The skill can create directories, write to local project files, and execute local maintenance scripts.
  - Sanitization: While the skill sanitizes descriptions for directory slugs (kebab-case), the full description is written to project files without sanitization.
- [Command Execution] (SAFE): The skill utilizes standard shell utilities (grep, sed, mkdir) and executes a local helper script (node scripts/kata-lib.cjs). These operations are consistent with the skill's purpose and are limited to the local environment.
Audit Metadata