sprint-testing

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified. The skill behavior is consistent with its stated purpose as a QA automation tool.
  • [COMMAND_EXECUTION]: The skill executes standard development tools (git, gh, bun, playwright) to perform code exploration and testing tasks.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external data from issue tracker tickets. Evidence chain:
      1. Ingestion points: Ticket descriptions and comments are fetched via [ISSUE_TRACKER_TOOL] in session-entry-points.md.
      2. Boundary markers: The skill implements a mandatory human confirmation step after the 'Story Explanation' phase in SKILL.md.
      3. Capability inventory: The skill can write to the PBI folder, execute shell commands, perform database queries, and make network requests.
      4. Sanitization: No explicit content sanitization is mentioned, but the human-in-the-loop verification mitigates the risk of the agent executing malicious instructions embedded in tickets.
    Given the primary purpose and the mitigation, this is considered a safe surface.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 07:51 PM