qe-holistic-testing-pact
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data such as user stories, API designs, and architectural specifications, which creates an attack surface for indirect prompt injection.
- Ingestion points: Technical project data enters the context through the
qe-requirements-validatorandqe-regression-risk-analyzeragents as defined in theSKILL.mdtask examples. - Boundary markers: The provided templates lack explicit delimiters or "ignore instructions" wrappers to isolate user-provided requirements from the agent's core logic.
- Capability inventory: The skill uses
FleetManager.coordinateto manage a mesh of specialized agents and executes logic via theTaskabstraction. - Sanitization: There is no evidence of input sanitization or validation logic to filter potentially malicious instructions embedded within the processed documentation.
Audit Metadata