qa-expert

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection within its documentation generation scripts. \n- Ingestion points: User-provided strings are ingested via command-line arguments (--name, --owner, <feature>) passed to the Python scripts scripts/generate_test_plan.py and scripts/coverage_analysis.py. \n- Boundary markers: The generated markdown files do not utilize specific delimiters or boundary instructions to isolate user-supplied content from the template structure. \n- Capability inventory: The skill has access to several powerful tools, including Bash, Write, Read, and WebSearch, which could be exploited if malicious instructions embedded in generated documentation are subsequently processed by the agent. \n- Sanitization: The scripts directly interpolate input variables into markdown templates using f-strings and textwrap.dedent without performing any escaping or validation of special characters or markdown syntax.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 06:16 PM
Security Audit — agent-trust-hub — qa-expert