qe-defect-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill uses standard development and quality engineering tools to perform its stated functions.
- [COMMAND_EXECUTION]: The skill invokes a CLI tool named aqe to perform various defect-related tasks such as prediction and root cause analysis. These commands are localized to the development environment and used for legitimate diagnostic purposes.
- [PROMPT_INJECTION]: Analyzed the skill for potential indirect prompt injection vulnerabilities due to its data ingestion workflows. The skill processes external data from Jira issues and Git commit history, which are potentially attacker-controlled ingestion points. Mandatory Evidence Chain:
  - Ingestion points: Git commit history (git:last-6-months), Jira issue data (jira:project=MYAPP), and test failure reports.
  - Boundary markers: None explicitly defined in the task templates to separate instructions from data.
  - Capability inventory: Executes shell commands via the aqe tool and synchronizes data with external issue trackers.
  - Sanitization: No explicit evidence of sanitization or validation of external input before processing by the agent.
Audit Metadata