generate-cases
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest data from external sources such as Jira, Confluence, Figma, and project source code to generate test documentation. This creates a surface for indirect prompt injection where malicious instructions hidden in requirements or code comments could influence the agent's output.
  - Ingestion points: SKILL.md (Step 1: Information Sources) identifies Jira issues, Confluence documents, Figma designs, and project source code as inputs.
  - Boundary markers: The skill does not explicitly use boundary markers or instructions to ignore embedded commands in the ingested data.
  - Capability inventory: The skill scans the filesystem for existing test directories and generates new markdown files (*.test.md).
  - Sanitization: No explicit sanitization of external content is mentioned, although the workflow requires explicit user approval of the gathered context and the generated checklist before creating test case files, providing a significant mitigation.