kata-list-phase-assumptions

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to validate and extract information from local project files.
      • Evidence: cat .planning/ROADMAP.md | grep -i "Phase ${PHASE}" in references/phase-assumptions.md.
      • The variable ${PHASE} is sourced from user-provided arguments. If the execution environment does not adequately sanitize these arguments, it could allow for command injection (e.g., appending malicious commands after the phase number).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from local project files.
      • Ingestion points: .planning/STATE.md and .planning/ROADMAP.md are loaded into the agent's context in SKILL.md.
      • Boundary markers: Absent. There are no delimiters or explicit instructions provided to the agent to treat the contents of these files as untrusted data or to ignore any embedded instructions.
      • Capability inventory: The skill has the capability to execute shell commands (cat, grep) and provides technical analysis based on the ingested content.
      • Sanitization: Absent. The content from the planning files is analyzed and presented directly to the user without any filtering or validation of the text content for malicious instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 10, 2026, 12:00 PM