shift-right-testing
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and acting upon untrusted external data from production systems.
- Ingestion points: Production logs are ingested in 'evals/shift-right-testing.yaml' (tc003) and structured incident data is processed in the 'Incident Replay' task in 'SKILL.md'.
- Boundary markers: Absent; there are no instructions or delimiters defined to isolate external data from the agent's core instructions.
- Capability inventory: The skill can coordinate a mesh of agents via 'FleetManager' and execute automated tasks including test generation and chaos experiment injection.
- Sanitization: The instructions do not define any sanitization or validation logic for the input logs or incident descriptions.
- [COMMAND_EXECUTION]: The skill demonstrates dynamic task orchestration and automated test generation capabilities.
- Evidence: The 'Incident Replay' task in 'SKILL.md' is explicitly designed to 'generateTests' and 'addToRegression' based on the conditions of a production incident.
- Evidence: Uses 'FleetManager.coordinate' to dynamically manage a mesh topology of specialized agents ('qe-chaos-engineer', 'qe-performance-tester', etc.) to execute production-level quality engineering workflows.
Audit Metadata