qe-stream-chain
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The provided skill consists entirely of markdown documentation and configuration examples within
SKILL.md. No executable scripts or binary files are included. - [PROMPT_INJECTION]: The skill facilitates a multi-agent pipeline architecture where the output from one agent is used as the context for the next step. This structure is inherently susceptible to indirect prompt injection if an earlier step processes untrusted data. * Ingestion points: User-defined prompts and external data flow through sequential steps as described in the 'Custom Chains' and 'Predefined Pipelines' sections. * Boundary markers: The documentation illustrates conceptual markers (e.g., 'Previous step output') to separate context, but these do not provide robust protection against adversarial instructions. * Capability inventory: The system is designed to perform code analysis, implementation, and data transformation, which could be exploited if an injected instruction is executed. * Sanitization: There is no evidence of output sanitization or validation between steps in the documented workflow.
Audit Metadata