qe-defect-intelligence
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.\n
- Ingestion points: The skill ingests untrusted data from external sources including Jira bug descriptions (jira:project=MYAPP&type=bug), Git commit messages (git:last-6-months), and test failure logs via the
patternLearnerandrootCauseAnalyzermodules.\n - Boundary markers: The prompt templates for analysis (e.g., the
five_whystemplate) do not utilize delimiters or specific instructions to disregard potentially malicious instructions embedded within the ingested data.\n - Capability inventory: The skill utilizes the
aqeCLI tool for subprocess execution and possesses the ability to perform bidirectional synchronization with issue trackers, which could be leveraged if the agent inadvertently follows instructions embedded in the processed data.\n - Sanitization: No evidence of input validation, escaping, or sanitization of external content is present in the provided workflow definitions.\n- [COMMAND_EXECUTION]: Execution of vendor-specific CLI utility.\n
- Evidence: The skill invokes the
aqecommand-line tool (e.g.,aqe defect predict,aqe defect patterns) to perform its primary functions. While these are legitimate operations for a Quality Engineering skill, they involve subprocess execution based on parameters derived from the local environment and external trackers.
Audit Metadata