ac-qa-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes implementation files that may contain untrusted data.
- Ingestion points: The `review_feature` method and 'SCAN' workflow step ingest source code from feature implementations.
- Boundary markers: The documentation does not define markers or instructions to prevent the model from following commands hidden in code comments or strings.
- Capability inventory: The skill can execute subprocesses (tests, linting) and write to the filesystem (auto-fix capabilities).
- Sanitization: No sanitization logic for external code content is described.
- [COMMAND_EXECUTION] (SAFE): The skill describes executing tests and static analysis tools.
- While executing arbitrary code from feature branches is high-risk, it is the stated primary purpose of the skill. The risk is considered acceptable within the context of a QA tool provided it is used in a sandboxed environment.