kata-add-milestone
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of local command-line tools including
git,gh(GitHub CLI), and a local Node.js script (scripts/kata-lib.cjs). These are used to manage the project lifecycle, repository state, and planning documents.\n- [EXTERNAL_DOWNLOADS]: Subagents spawned during the research phase are instructed to useWebSearchandWebFetchto gather information on technology stacks, architecture patterns, and domain-specific features. These operations are restricted to the research context to inform project requirements.\n- [DATA_EXFILTRATION]: The skill interacts with the GitHub API to create milestones and issues. This involves sending project-specific information such as milestone goals and phase descriptions to the user's repository on GitHub, which is a well-known service.\n- [PROMPT_INJECTION]: The skill uses structured XML-like tags (e.g.,<agent-instructions>,<milestone_context>) to pass data and instructions to subagents, providing clear boundaries between system instructions and processed data.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from user inputs and local issue files (.planning/issues/open/*.md) to generate requirements and roadmaps. \n - Ingestion points: Reads project planning files, user responses to
AskUserQuestion, and backlog issue files.\n - Boundary markers: Uses explicit tags in task prompts for subagents to distinguish between instructions and data.\n
- Capability inventory: Executes shell commands (
git,gh), writes to the local file system, and spawns subagents.\n - Sanitization: Uses temporary files (
/tmp/phase-issue-body.md) and the GitHub CLI's--body-fileflag to safely handle special characters in phase descriptions when creating issues.
Audit Metadata