Skills
skills/gannonh/kata-orchestrator/kata-execute-quick-task/Gen Agent Trust Hub

kata-execute-quick-task

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading content from external issue files and interpolating it into sub-agent prompts.
  • Ingestion points: The skill reads the ## Problem section from a file specified via the --issue flag in $ARGUMENTS (SKILL.md).
  • Boundary markers: The agent prompt uses XML-style tags like <planning_context> and <constraints> to separate external data from system instructions (SKILL.md).
  • Capability inventory: The skill and its sub-agents have capabilities including file system access (mkdir, ls, cat, sed), Git operations (commit, checkout, branch, push), and GitHub CLI access (gh pr create, gh issue close).
  • Sanitization: While metadata like the issue title is processed, the problem description is interpolated directly into the planner's prompt without specific escaping for prompt injection (SKILL.md).
  • [COMMAND_EXECUTION]: The skill executes several shell commands to manage the task lifecycle.
  • File Operations: Uses mkdir, ls, cat, grep, and sed to manage project structure and extract metadata.
  • Git Operations: Performs commits and branch management based on user-provided task descriptions.
  • GitHub Integration: Uses the gh CLI to create pull requests and close issues based on project configuration.
  • Local Script Execution: Executes node scripts/kata-lib.cjs to retrieve configuration values, which is a project-local utility.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 11:59 AM