Qt Coverage Workflow
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill identifies coverage gaps and passes them to a downstream agent for test generation. This creates a potential indirect prompt injection surface if the coverage reports are maliciously manipulated.
  - Ingestion points: coverage.json and coverage.info files parsed in templates/run-coverage.sh and templates/qt-coverage.yml.
  - Boundary markers: None specified in the agent handoff examples in SKILL.md.
  - Capability inventory: Execution of test suites and coverage tools.
  - Sanitization: No evidence of validation for extracted report data before it is included in prompts.
- [EXTERNAL_DOWNLOADS]: The skill templates and documentation suggest installing dependencies from trusted official package registries.
  - Evidence: pip and apt commands in references/python-coverage-workflow.md and templates/qt-coverage.yml are used to install standard development tools.
- [COMMAND_EXECUTION]: The automation scripts execute standard system commands for building and testing code as part of the primary skill purpose.
  - Evidence: Execution of cmake, ctest, and pytest in templates/run-coverage.sh and other files.
Audit Metadata