sdlc-testing
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is composed entirely of Markdown documentation and templates. No scripts, binaries, or automated command executions are present.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by processing project-specific inputs into document templates. This is evaluated as safe because the skill lacks the capabilities (such as file-system writes, network operations, or shell execution) required for an injection attack to achieve privilege escalation or data exfiltration. Evidence chain: (1) Ingestion points: Project context and problem statements gathered in SKILL.md. (2) Boundary markers: Not used for input interpolation. (3) Capability inventory: No active tools or subprocess calls. (4) Sanitization: None required for static text generation.
Audit Metadata