qcsd-development-swarm

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because its core function is to analyze potentially untrusted source code and persist derived findings to a long-term memory store.
      • Ingestion points: The skill ingests external data from the SOURCE_PATH and TEST_PATH directories as defined in the SKILL.md file.
      • Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted source code content from the analysis instructions provided to the sub-agents, increasing the risk that the agent might obey instructions embedded in code comments.
      • Capability inventory: The skill possesses significant capabilities, including the ability to write to a persistent memory namespace via mcp__agentic-qe__memory_store (Step 7) and the ability to spawn multiple specialized agents via the Task tool (Step 2 and Step 4).
      • Sanitization: The skill lacks logic to sanitize, escape, or validate the content of the analyzed source code or the metrics derived from it before they are stored in the persistent memory namespace, which could lead to gradual poisoning of the agent's memory store.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:28 AM