qa-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from project files.
  - Ingestion points: Local project files in docs/, components/, server/, and composables/ accessed via read_file and grep_search.
  - Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within retrieved files.
  - Capability inventory: The skill is restricted to read-only search tools (read_file, grep_search, semantic_search) and explicitly forbids file modification, deletion, or network operations.
  - Sanitization: No sanitization or validation of the ingested content is specified.
- NO_CODE (SAFE): The skill consists solely of instructional markdown and does not include any Python scripts, Node.js packages, or binary executables, which eliminates common attack vectors like remote code execution or persistence.