daily-testing-workflow-en
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a collection of Python scripts in the `scripts/` directory (e.g., `batch_convert_templates.py`, `convert_formats.py`) that utilize `subprocess.call` to execute other internal scripts for parsing and converting QA output formats. These scripts are used to process project templates and artifacts.
- [DATA_EXPOSURE]: Conversion scripts perform read and write operations on the local file system, specifically targeting the `output-templates/` and `artifacts/` directories. While intended for processing QA data, this capability allows the agent to interact with files on the host system.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data, such as requirement documents, user stories, and application logs provided by the user. This creates a surface where malicious instructions embedded in that data could influence the agent's behavior during analysis.
  - Ingestion points: External documents and logs provided by the user at runtime for analysis (referenced in `prompts/requirements-analysis_EN.md` and others).
  - Boundary markers: Prompts use horizontal dividers to separate instructions from user data, but do not implement strict sanitization or "ignore" directives for embedded content.
  - Capability inventory: The skill can read/write local files and execute Python scripts via the `scripts/` directory.
  - Sanitization: No explicit sanitization or filtering of external data is performed before it is included in the prompt context.
Audit Metadata