kata-set-profile
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses `ls` and `cat` to check for and read a local project file (.planning/config.json). This is standard behavior for configuration management.
- [DATA_EXPOSURE] (SAFE): The skill accesses a project-specific configuration file; there is no evidence of access to sensitive system files (e.g., SSH keys, AWS credentials) or data exfiltration.
- [PROMPT_INJECTION] (SAFE): The skill includes a validation step that restricts the `profile` argument to a whitelist of allowed values ('quality', 'balanced', 'budget'), effectively mitigating shell injection and directory traversal risks.
Audit Metadata