user-acceptance
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected across the skill files.
- [COMMAND_EXECUTION]: The skill provides templates for executing standard development commands such as starting dev servers, running local tests, and using curl for API verification. These commands are intended to run within the user's local development environment to demonstrate feature functionality.
- [PROMPT_INJECTION]: The skill uses operational gates and a scope lock mechanism to ensure the agent remains within the boundaries of the specific UAT task and does not proceed to final sign-off without explicit human intervention.
- [PROMPT_INJECTION]: The skill processes ticket and pull request data, which constitutes a potential surface for indirect prompt injection.
  - Ingestion points: Pull request and ticket descriptions.
  - Boundary markers: Explicit 'UAT Scope' declaration at the start of the workflow.
  - Capability inventory: Shell command execution, browser interaction, and local file access.
  - Sanitization: Mitigated by a mandatory human sign-off requirement for all recommendations and verdicts.