shift-left-testing
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data (user stories, PR files, and code snippets) for processing by agents.
- Ingestion points:
SKILL.md(variablesuserStories,prFiles),evals/shift-left-testing.yaml(fieldscode_changes,code). - Boundary markers: None identified in the provided task definitions or agent instructions to delimit untrusted data.
- Capability inventory: Agent-assisted test generation (
qe-test-generator), requirements validation (qe-requirements-validator), and risk analysis (qe-regression-risk-analyzer) involve generating and processing code or logic. - Sanitization: No explicit sanitization, escaping, or validation logic for untrusted external content is defined in the skill scripts or prompts.
Audit Metadata