Skills
skills/gannonh/kata-skills/kata-review-pull-requests/Gen Agent Trust Hub

kata-review-pull-requests

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): High surface area for Indirect Prompt Injection. Several instructions (code-reviewer, comment-analyzer, failure-finder, pr-test-analyzer) mandate the analysis of untrusted source code and comments.
  • Ingestion points: git diff output, source files via Read tool, and PR descriptions.
  • Boundary markers: Absent. The instructions do not specify the use of delimiters (like XML tags or markdown blocks) to isolate untrusted data from the agent's system instructions.
  • Capability inventory: Access to Read and Write tools, and shell command execution via ls.
  • Sanitization: None provided for the analysis of text/code content, leaving the agent vulnerable to instructions hidden in code comments or documentation.
  • [COMMAND_EXECUTION] (LOW): The entity-generator-instructions.md specifies the use of shell commands to check for existing files.
  • Evidence: ls .planning/intel/entities/{slug}.md 2>/dev/null is used to determine if an entity should be skipped.
  • Context: While this involves shell execution, the instructions include a 'generate slug' step that replaces slashes and dots with hyphens, which serves as a basic sanitization mechanism against path traversal or command injection if the filename is malicious.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 08:18 PM