systematic-qa
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the discovery and execution of arbitrary build and test commands sourced from a repository's own manifests. This presents a risk of executing untrusted code if the target repository is malicious.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes and acts upon documentation and configuration files from external repositories.
  - Ingestion points: Repository root documentation, build manifests, and CI workflow files.
  - Boundary markers: The instructions lack explicit delimiters to separate repository-provided data from the agent's core logic.
  - Capability inventory: The agent is authorized to execute shell commands, install language-specific dependencies, and write files.
  - Sanitization: There is no validation or sanitization logic to verify the safety of discovered commands before they are executed.
Audit Metadata