kata-customize

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Template names extracted from $ARGUMENTS are used directly in shell commands within SKILL.md (e.g., node scripts/kata-lib.cjs resolve-template "$TEMPLATE_NAME"). This pattern allows for potential command injection if the input contains shell metacharacters like backticks or subshell expansions, even when double-quoted.
  • [PROMPT_INJECTION]: The skill discovery script scripts/list-templates.sh reads all markdown files from sibling kata-* skill directories to extract template metadata. Since this external data is displayed to the agent without sanitization or boundary markers, a malicious sibling skill could inject instructions into the template descriptions to influence the agent's behavior.
  • Ingestion points: scripts/list-templates.sh (reads ../../kata-*/references/*.md)
  • Boundary markers: Absent; extracted metadata is displayed directly in a markdown table.
  • Capability inventory: Shell execution (bash, node), file system modifications (mkdir, cp), and use of the Edit tool.
  • Sanitization: Absent; the script performs basic YAML extraction without content validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 12:00 PM