kata-complete-milestone
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Full Analysis
- [DATA_EXFILTRATION] (SAFE): No sensitive data exposure or unauthorized network requests were found. All network-related strings point to reputable developer documentation.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns for remote code execution or untrusted dependency downloads were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted git commit messages to generate changelogs. (1) Ingestion points:
references/changelog-generator.mdviagit log. (2) Boundary markers: Mandatory human review gate (AskUserQuestion) is implemented before any file updates. (3) Capability inventory: Subprocess calls to git/sed/jq and filesystem writes to project metadata. (4) Sanitization: Strips conventional commit prefixes but relies on user review for message content. - [COMMAND_EXECUTION] (LOW): Utilizes bash commands (git, sed, awk, jq) for project maintenance tasks, which is appropriate for the skill's functionality.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata