qcsd-cicd-swarm
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from external sources.
- Ingestion points: The skill reads CI/CD pipeline artifacts provided via the
PIPELINE_ARTIFACTSparameter, which include test results, logs, SAST/DAST reports, and infrastructure manifests (documented insteps/01-flag-detection.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the artifacts are used when processing these files.
- Capability inventory: The skill can spawn multiple sub-agents (
qe-quality-gate,qe-regression-analyzer, etc.), write multiple markdown and JSON reports to the file system, and persist data across sessions usingmcp__agentic-qe__memory_store(documented insteps/02-core-agents.mdandsteps/07-learning-persistence.md). - Sanitization: The instructions lack specific validation or sanitization steps for the data extracted from pipeline artifacts before it is used in decision synthesis or reporting.
Audit Metadata