agentic-quality-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of processing untrusted data from pull request diffs (prDiff) to drive automation decisions.
  - Ingestion points: SKILL.md describes passing prDiff data to agents like qe-test-generator and qe-regression-risk-analyzer to generate tests and evaluate risk.
  - Boundary markers: There are no explicit instructions to use delimiters or sanitization logic when the agent processes the external prDiff content.
  - Capability inventory: The orchestration logic includes spawning additional agents via the Task tool, executing shell-based commands using the aqe CLI, and writing to persistent storage via mcp__agentic-qe__memory_store.
  - Sanitization: No sanitization or validation steps are defined for the input data before it is used to interpolate prompts or influence coordination logic.
Audit Metadata