systematic-qa

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to discover and execute arbitrary shell commands from the project environment, including installation, build, and test scripts found in local configuration manifests.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from repository files and uses it to drive agent actions.
      • Ingestion points: The scripts/discover-project-contract.py script reads and parses project files such as Makefile, Justfile, package.json, go.mod, Cargo.toml, and pyproject.toml from the local filesystem.
      • Boundary markers: Absent. The instructions do not implement delimiters or warnings to treat the content of these external files as untrusted or to ignore instructions embedded within them.
      • Capability inventory: The skill provides the agent with the capability to execute the discovered strings as shell commands to perform installation, verification, and testing tasks as outlined in SKILL.md (Steps 1, 3, 4, and 6).
      • Sanitization: Absent. There is no evidence of validation, escaping, or filtering of the command strings extracted from the project files before they are passed to the shell for execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 12:15 AM