Skills
skills/proffesor-for-testing/agentic-qe/qe-code-intelligence/Gen Agent Trust Hub

qe-code-intelligence

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends executing npx ruflo doctor --fix to address initialization errors, which triggers a download and execution from the NPM registry.
  • [COMMAND_EXECUTION]: Relies on the aqe command-line utility for core operations such as indexing (aqe kg index), searching (aqe kg search), and dependency mapping (aqe kg deps).
  • [DATA_EXFILTRATION]: The skill indexes the contents of the src/ directory, extracting entity relationships and generating embeddings that are stored in the AgentDB vector database.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted local source code for indexing and context generation.
  • Ingestion points: Processes all TypeScript files in the source directory (SKILL.md).
  • Boundary markers: No delimiters or instructions are provided to the agent to ignore embedded commands in the analyzed code.
  • Capability inventory: The skill uses the aqe tool to parse code and extract metadata, which is then used to generate intelligent context for AI operations (SKILL.md).
  • Sanitization: No sanitization or validation of the ingested code content is performed before it is used to construct knowledge graphs or search results.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 08:03 AM