qe-requirements-validation
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities detected. The skill provides legitimate workflows for requirements traceability, BDD scenario generation, and coverage analysis.
- [COMMAND_EXECUTION]: The skill references a CLI tool
aqefor parsing requirements and managing test artifacts. These commands are executed locally and are consistent with the skill's stated purpose of quality engineering automation. - [PROMPT_INJECTION]: Potential for indirect prompt injection exists as the skill processes external data from Jira and local source code (Ingestion points: Jira project data,
tests/,src/,docs/). There are no explicit boundary markers or sanitization routines defined within the skill's instructions to filter potentially malicious instructions embedded in requirement descriptions. However, the impact is minimal as the skill's capabilities are limited to generating reports and BDD files (Capability inventory:aqetool operations; Sanitization: Absent).
Audit Metadata