release-testing-workflow-en
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to ingest and process untrusted data such as requirements documents and test reports (e.g., in prompts/requirements-analysis_EN.md and prompts/test-reporting_EN.md) and includes scripts with command execution capabilities.
- Ingestion points: User-provided requirements, system specifications, and test execution data are processed by several prompts in the prompts/ directory.
- Boundary markers: The prompts use Markdown headers and horizontal dividers (---) to separate instructions, but do not explicitly instruct the agent to ignore instructions embedded within the processed data.
- Capability inventory: The skill includes several Python scripts in the scripts/ directory (e.g., convert_formats.py, batch_convert_templates.py) that use subprocess.call to perform file operations and conversions.
- Sanitization: No explicit sanitization or filtering of external content is implemented before interpolation into the agent context.
- [COMMAND_EXECUTION]: Several Python utility scripts (e.g., scripts/convert_formats.py, scripts/batch_convert_templates.py) use subprocess.call to execute internal commands for data parsing and report generation. While these executions are intended for local file processing within the skill's operational scope, they represent a capability that could be exploited if an agent is successfully manipulated via the prompt injection surface.
Audit Metadata