sdlc-qa-report

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill is designed to systematically explore and interact with external web pages, which can introduce untrusted content into the agent's context.
      • Ingestion points: Web pages and route structures during the Phase 4 '探索' (Exploration) stage.
      • Boundary markers: The skill does not define specific boundary markers or 'ignore embedded instructions' warnings for content retrieved from external URLs.
      • Capability inventory: The skill utilizes Bash, Read, and Write tools to generate reports and capture evidence in the local environment.
      • Sanitization: There is no evidence of sanitization or filtering of external web content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses shell commands via the Bash tool to analyze project state and manage report files.
      • Evidence: Executes commands such as git diff main...HEAD --name-only, git log main..HEAD --oneline, and mkdir -p .gstack/qa-reports/screenshots. While these are legitimate for the skill's QA purpose, they represent a direct command execution surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 03:30 AM