quality-gate
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: This skill consists entirely of Markdown instruction files and reference documentation. It does not contain any executable scripts, source code, or binary files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and synthesize content from external files, specifically task specifications and quality assessment reports. These files could be manipulated by an attacker to include instructions that override the gate decision logic or corrupt the generated YAML report used by automated CI/CD systems.
- Ingestion points: The skill reads from paths like .claude/tasks/ and .claude/quality/assessments/.
- Boundary markers: There are no specified delimiters or instructions to ignore embedded prompts within the ingested assessment markdown.
- Capability inventory: The skill allows the agent to generate and write YAML and Markdown reports to the local filesystem.
- Sanitization: The instructions do not include steps for validating or sanitizing the content of the assessment reports before processing.
Audit Metadata