kata-plan-phase

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [Command Execution] (LOW): The script scripts/update-issue-plans.py uses subprocess.run to execute the gh (GitHub) CLI. Although it passes arguments as a list (which prevents shell injection), it gives the agent the capability to modify remote repository metadata.
  • [Indirect Prompt Injection] (LOW): The skill creates an attack surface by reading and writing markdown content between local files and GitHub issues without sanitization.
      • Ingestion points: scripts/update-issue-plans.py reads from a local checklist_file and fetches remote issue bodies via gh issue view.
      • Boundary markers: Absent. The script does not utilize delimiters or instructional guards to prevent the agent from misinterpreting embedded markdown instructions.
      • Capability inventory: The script has file-read permissions and command execution via the gh binary.
      • Sanitization: Absent. Content is processed via regex substitution and written directly to a temp file then uploaded.
  • [Metadata Poisoning] (LOW): An external automated scan detected a blacklisted URL in REQUIREMENTS.md. This file was not provided for manual review, but the alert suggests the presence of potentially malicious external references in the skill's metadata or documentation.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 18, 2026, 08:18 PM