mikado
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands to perform build, type-check, and test operations as part of its verification cycle (Step C). This is the intended primary purpose of the skill and is triggered by user invocation. Additionally, it uses shell commands for environment setup (e.g., creating symlinks with
ln -s) and repository management (e.g.,git checkoutfor reverting). - [INDIRECT_PROMPT_INJECTION]: The skill processes content from local markdown files stored in the
.mikado/directory to manage task graphs. While this represents a potential attack surface if an attacker can modify these files, the skill interprets the data as a structured checklist, and any resulting actions (like code changes or verification) are performed under user supervision. - Ingestion points: Reads
.mikado/*.mdfiles (SKILL.md). - Boundary markers: Absent. The skill parses markdown sections directly.
- Capability inventory: File system writes (symlinks), execution of build/test scripts, and git revert operations (SKILL.md).
- Sanitization: Absent. The skill relies on structured parsing of the markdown format.
Audit Metadata