qa-parsing-product-requirements
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for the agent to fetch and interpret product management artifacts using configured Jira and Figma MCP tools. All operations described are limited to retrieving requirements and design specifications for generating test cases.
- [PROMPT_INJECTION]: The skill processes untrusted external data from Jira tickets and Figma design nodes, representing an indirect prompt injection attack surface. However, the risk is negligible as the skill lacks high-risk capabilities.
- Ingestion points: Live context payloads from Jira tickets and Figma node structures (SKILL.md).
- Boundary markers: No delimiters or explicit warnings to ignore embedded instructions are present in the guidelines.
- Capability inventory: The skill does not use subprocesses, file-writing, or network operations outside of the established MCP tool context.
- Sanitization: No sanitization or validation of the fetched requirement text is mentioned in the instructions.
Audit Metadata