ultraqa
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute repository-native verification commands (tests, builds, lints) identified in configuration files such as package.json or Makefiles. This involves executing shell commands based on content read from the local repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated cycle of reading project files and test outputs and using that information to determine subsequent commands. Ingestion points: Reads package.json, Makefile, CI configurations, and captures output from Bash verification commands. Boundary markers: No explicit delimiters are used to separate ingested file content from internal instructions. Capability inventory: Access to Read, Write, and Bash tools across the repository. Sanitization: The skill does not perform sanitization or validation of the content read from files or command outputs before processing them.
- [SAFE]: The skill metadata identifies its source as the author's repository akillness/jeo-skills. Instructions for handling the $ultaqa typo represent benign developer experience improvements.
Audit Metadata