team-qa
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from external files into subagent prompts.
- Ingestion points: Phase 1 utilizes Glob and Read to ingest story files from 'production/sprints/' and project state from 'production/session-state/active.md'.
- Boundary markers: Instructions for the 'qa-lead' and 'qa-tester' subagents lack delimiters or explicit warnings to ignore instructions found within the processed story files.
- Capability inventory: The skill has the capability to spawn additional agents via the Task tool and create or modify files using the Write tool.
- Sanitization: No sanitization, filtering, or validation is performed on the content of story files before they are passed to subagents.
Audit Metadata