qms-audit-expert
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, NO_CODE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The 'Tools' section of SKILL.md provides instructions for running a Python script (scripts/audit_schedule_optimizer.py) with several flags. This encourages the local execution of code that may have side effects on the user's filesystem.
- [NO_CODE] (MEDIUM): The functional script scripts/audit_schedule_optimizer.py is missing from the provided file bundle. Its absence means the logic for processing audit data and generating schedules cannot be verified for safety, potential malicious activity, or data exfiltration.
- [PROMPT_INJECTION] (LOW): The skill is designed to process untrusted external data via processes.json (Indirect Prompt Injection surface). Maliciously crafted JSON values could attempt to override the agent's logic for nonconformity classification or audit prioritization.
  - Ingestion points: processes.json file input.
  - Boundary markers: Absent; the agent is not instructed to treat fields as data-only.
  - Capability inventory: Script execution (Python) and local reasoning/decision making.
  - Sanitization: Not documented; the agent treats the JSON content as direct input for its optimizer logic.
Audit Metadata