kata-verify-work
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from user test reports (verbatim responses), which are later used to prompt subagents during the diagnosis phase.
  - Ingestion points: `references/UAT-template.md` (`reported` field) and `references/diagnose-issues.md` (`parse_gaps` step).
  - Boundary markers: User input is encapsulated within YAML fields and markdown code blocks.
  - Capability inventory: The orchestrator can spawn subagents (`Task` calls), read/write files in the `.planning` directory, and execute `git commit` commands.
  - Sanitization: No explicit sanitization is described, but the context is limited to debugging local code.
- [Command Execution] (SAFE): `references/diagnose-issues.md` includes shell commands for configuration checks and git operations (`git add`, `git commit`). These are legitimate and restricted to the development environment's lifecycle management.
- [Dynamic Execution] (SAFE): The orchestration logic in `references/diagnose-issues.md` involves spawning subagents with dynamically generated prompts. This is a standard and expected mechanism for the skill's stated purpose of parallelized debugging.
Audit Metadata