requirements-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts in the `scripts/` directory utilize `subprocess.call` to delegate format conversion tasks to internal scripts `convert_formats.py` and `parse_formats.py`. These executions are limited to local Python invocation and do not expose the system to arbitrary shell command injection.
- [PROMPT_INJECTION]: The skill processes untrusted requirement data via the prompt in `prompts/requirements-analysis.md`. Evidence: (1) Ingestion point: requirements, stories, and AC in `prompts/requirements-analysis.md`. (2) Boundary markers: Absent. (3) Capabilities: Filesystem read/write and script execution within the `scripts/` folder. (4) Sanitization: Absent. The risk of indirect prompt injection is inherent to the skill's primary analysis task and no malicious behavior was observed.
Audit Metadata