holistic-testing-pact
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data such as requirements, user stories, and API designs to generate testing strategies. This constitutes an indirect prompt injection surface.
- Ingestion points: Data enters the agent context through the
qe-requirements-validatorandqe-test-generatoragents during refinement and planning phases (referenced in SKILL.md). - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions within processed data are defined in the provided snippets.
- Capability inventory: The skill utilizes
FleetManager.coordinateto orchestrate multiple agents andTaskcalls to perform analysis and risk planning. - Sanitization: There is no evidence of sanitization or validation of the input requirements before they are processed by the agents.
Audit Metadata