Skills
skills/gannonh/kata-orchestrator/kata-add-issue/Gen Agent Trust Hub

kata-add-issue

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to manage directories, move files, and search for content using utilities like find, grep, xargs, mkdir, and mv.
  • [COMMAND_EXECUTION]: Uses the git CLI to add and commit issue files to the repository.
  • [EXTERNAL_DOWNLOADS]: Interacts with GitHub using the gh CLI to create labels, view repository metadata, and create new issues on the remote server.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it extracts titles and descriptions from the conversation context and uses them to build shell commands.
  • Ingestion points: Data is extracted from the "recent conversation" in the extract_content step (SKILL.md).
  • Boundary markers: No boundary markers or "ignore" instructions are used when interpolating extracted data into the issue templates or shell commands.
  • Capability inventory: The skill has capabilities to execute shell commands (bash), modify the file system, commit to Git, and communicate with GitHub via gh.
  • Sanitization: There is no evidence of sanitization or escaping for shell metacharacters in the extracted $TITLE, problem, or solution variables before they are used in commands like gh issue create --title "$TITLE".
  • [COMMAND_EXECUTION]: Executes a local Node.js script located at scripts/kata-lib.cjs to read configuration values. This is treated as a vendor-specific resource.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 10, 2026, 11:59 AM