kata-resume-work
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as ls, cat, and find to examine the local project environment and determine the current state. These commands are used to locate status files and identify incomplete tasks within the .planning directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads information from potentially untrusted project files and includes that content in the commands it suggests to the user.
- Ingestion points: Content is read from STATE.md, PROJECT.md, ROADMAP.md, PLAN.md, and agent-history.json.
- Boundary markers: Absent. The skill does not use delimiters or warnings to separate external data from its own instructions.
- Capability inventory: The skill uses shell commands for project state detection and generates copy-pasteable commands for the agent to continue its workflow.
- Sanitization: Absent. Content extracted from the project files is interpolated directly into the skill's output for user presentation.
Audit Metadata