kata-doctor
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes standard system utilities (mv, git, grep, sort) and local scripts to perform project maintenance. All operations are confined to the project directory and are consistent with the skill's stated purpose.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill processes untrusted user data from
ROADMAP.mdduring phase directory migrations. - Ingestion points: The
.planning/ROADMAP.mdfile is read in themigrate_phase_collisionsstep. - Boundary markers: The script uses specific regular expressions (
Phase [0-9.]+:) to identify relevant data lines. - Capability inventory: File renaming (
mv), document updates (Write tool), and version control (git commit). - Sanitization: Extracted data is strictly sanitized using
tr -cd 'a-z0-9-', stripping any characters that could lead to shell injection or path traversal before being used in file system commands. - [DYNAMIC_EXECUTION] (SAFE): Scripts
check-config.shandcheck-template-drift.shuse inline Node.js code to handle JSON parsing and template comparison. These scripts use built-in modules only and do not download external dependencies.
Audit Metadata