skills/pedronauck/skills/qa-report/Gen Agent Trust Hub

qa-report

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The helper scripts scripts/create_bug_report.sh and scripts/generate_test_cases.sh contain a prompt_input function that uses the eval command on input received via read -r. Specifically, the line eval "$var_name=\"$input\"" allows for arbitrary command injection if the input contains shell metacharacters like backticks, semicolons, or dollar signs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves design specifications from Figma via MCP and incorporates them into generated documentation and interactive workflows. There is no evidence of sanitization or the use of boundary markers to prevent malicious instructions embedded in design files from influencing the agent's behavior.
      • Ingestion points: Figma design data extracted via MCP (referenced in SKILL.md and references/figma_validation.md).
      • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the design data.
      • Capability inventory: Execution of bash scripts (scripts/generate_test_cases.sh, scripts/create_bug_report.sh) which handle user/agent input.
      • Sanitization: Absent; design data and user inputs are processed without escaping or validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 12, 2026, 03:33 AM