rcca-master
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- SAFE (SAFE): The provided files consist of markdown documentation and templates for quality management processes. No executable code or malicious instructions were found.
- NO_CODE (SAFE): While the documentation references a core instruction file (SKILL.md) and Python scripts (scripts/initialize_8d.py, etc.), these were not included in the provided distribution. The skill functions as a content repository without automated logic.
- Indirect Prompt Injection (LOW): The skill ingests user-provided failure descriptions for processing, creating a surface for indirect prompt injection. The impact is limited to the context of the RCA investigation.
  - Ingestion points: Phase D2 (Problem Definition) in 'templates/8d-report-template.md' and user descriptions in 'README.md'.
  - Boundary markers: None identified; user input is processed as plain text.
  - Capability inventory: Orchestration of external skills (five-whys-analysis, fishbone-diagram) and report generation.
  - Sanitization: No explicit sanitization or validation of user-provided problem data is described.
Audit Metadata