uat-verify

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it consumes data from potentially untrusted sources to determine its actions.
      • Ingestion points: The skill reads task details via TaskGet and processes feature plan files using the Read tool as described in Step 1 of the workflow.
      • Boundary markers: There are no explicit delimiters or system instructions to ignore embedded commands within the criteria being read.
      • Capability inventory: The skill has access to Bash, Read, and TaskUpdate tools, providing a wide range of administrative and execution capabilities.
      • Sanitization: No sanitization or validation of the criteria is performed before they are used to guide tool execution.
  • [COMMAND_EXECUTION]: The workflow instructions in SKILL.md direct the agent to execute arbitrary bash commands and node tests derived from external acceptance criteria. While necessary for the skill's primary function of UAT verification, this pattern allows for the execution of malicious commands if the source criteria are manipulated.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 04:50 PM