qa-plan
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from story and design files.
- Ingestion points: The skill reads and extracts information from files at paths such as production/epics//story-.md and design/gdd/ to build its plan.
- Boundary markers: There are no specified delimiters or explicit instructions to the agent to disregard any commands or behavior-overriding text that might be embedded within the story files or GDDs.
- Capability inventory: The skill uses file system tools (Read, Glob, Grep, Write) and interactive tools (AskUserQuestion) which provide a functional surface that could be misused if an injection occurs.
- Sanitization: The skill does not perform validation or sanitization on the text extracted from input files before using it to generate the final QA plan document.
Audit Metadata