takt-analyze
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed for static and diagnostic analysis of TAKT-specific components. It validates YAML structure, checks facet quality against style guides, and diagnoses execution logs to improve workflow efficiency without modifying files or accessing sensitive data.
- [PROMPT_INJECTION]: The skill processes untrusted external data (YAML, Markdown, and JSONL logs), which introduces an indirect prompt injection surface. However, the risk is classified as safe/low because the ingestion is central to the skill's primary purpose and it lacks 'teeth' such as shell execution or network capabilities.
- Ingestion points: Reads configuration and log files from .takt/ and ~/.takt/ directories.
- Capability inventory: Read-only analysis and reporting; no system commands or external communication detected.
- Boundary markers: The workflow does not define specific delimiters or instructions to ignore commands within processed data.
- Sanitization: No explicit input sanitization or validation logic is described for the content of the analyzed files.
Audit Metadata