agent-kanban
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. The agent is instructed to ingest and act upon untrusted data from an external source (the Kanban board).
  - Ingestion points: The agent retrieves data using `ak get task <id>` (SKILL.md, line 125) and `ak get note --task <id>` (SKILL.md, line 128).
  - Boundary markers: There are no boundary markers or instructions to treat data retrieved from the board as untrusted or to ignore embedded instructions.
  - Capability inventory: The agent is authorized to execute shell commands including `git commit`, `gh pr create` (SKILL.md, line 16), and local test suites (SKILL.md, line 15). It can also update its own profile through the review process (SKILL.md, line 21).
  - Sanitization: No sanitization or validation of the retrieved task content is specified.
- [COMMAND_EXECUTION]: The skill relies on the execution of several CLI tools to perform its primary function.
  - Evidence: Instructions include the use of `ak` (Agent Kanban CLI), `git` for version control, and `gh` (GitHub CLI) for pull request management. The workflow specifically requires running local test suites and type checkers (SKILL.md, line 15), which may execute arbitrary code depending on the repository being worked on.
Audit Metadata