ultraqa

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses "mode" framing ("You are now in ULTRAQA mode") and instructs the agent to prioritize "automatic continuation" over user confirmation for many steps. By limiting requests for user permission to only "material" or "destructive" actions, the skill reduces human-in-the-loop oversight of the agent's operations.
  • [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands (test, build, lint) on local projects. If the project files are malicious, this workflow facilitates the execution of that code within the local environment.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface where untrusted data could influence agent behavior.
  • Ingestion points: The agent reads command-line output from tests and full source code files during the "Architect Diagnosis" phase (SKILL.md).
  • Boundary markers: Absent. There are no instructions or delimiters defined to separate the agent's core instructions from the data being analyzed (e.g., test logs or user code).
  • Capability inventory: The skill possesses the ability to write to the file system (the "executor" role applying fixes) and execute arbitrary shell commands (the "RUN QA" phase).
  • Sanitization: Absent. Fixes recommended by the "architect" role are applied "precisely" by the "executor" role without an intermediate validation or sanitization step to check for injected instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 03:59 AM
Security Audit — agent-trust-hub — ultraqa