qa
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the capability to execute CLI commands directly during the verification step to automate result checking, allowing shell command execution based on definitions found in external files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests and processes test scenarios and command strings from potentially untrusted external project plans and QA specification files.
  - Ingestion points: External project plans and separate Markdown QA specification documents are read to define test cases (SKILL.md, Step 1).
  - Boundary markers: The skill does not implement boundary markers or instructions to disregard embedded commands or malicious overrides within the ingested external content.
  - Capability inventory: The skill utilizes CLI command execution (SKILL.md, Step 3) and filesystem write operations for report generation and potential project configuration updates.
  - Sanitization: There is no evidence of validation, sanitization, or filtering applied to CLI commands extracted from external sources prior to their execution.
Audit Metadata