sprint-testing-workflow-en
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data, creating an indirect prompt injection surface.
- Ingestion points: The agent is instructed to process user-provided materials such as product requirements, user stories, API documentation, and bug reports across several expert-role prompts (e.g., in
prompts/requirements-analysis_EN.md,prompts/api-testing_EN.md, andprompts/bug-reporting_EN.md). - Boundary markers: The skill relies on standard Markdown formatting and horizontal dividers (
---) to separate instructions from data; there are no explicit 'ignore instructions within data' protective warnings present in the prompts. - Capability inventory: The skill contains numerous Python scripts in the
scripts/directory that can read from and write to the local file system and execute other local Python processes via thesubprocessmodule. - Sanitization: There is no evidence of automated sanitization, filtering, or escaping of the user-provided content before it is processed by the AI personas.
- [COMMAND_EXECUTION]: The skill includes a collection of utility scripts (
scripts/batch_convert_templates.py,scripts/convert_output_formats.py, and format-specific wrappers) that utilizesubprocess.callorsubprocess.runto coordinate local script execution. - Evidence:
scripts/batch_convert_templates.pyconstructs a command list usingsys.executableand local script paths to perform batch conversions of template files. - Context: This behavior is limited to the execution of the skill's own internal logic for document conversion (e.g., Markdown to JSON) and does not involve the execution of arbitrary strings or remote payloads.
Audit Metadata