cicd-pipeline-qe-orchestrator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its core orchestration logic. Ingestion points: The workflows in microservice-pipeline.md and monolith-pipeline.md ingest untrusted data from source code changes, API contracts, and PR descriptions. Boundary markers: No delimiters or 'ignore' instructions are present to separate system instructions from untrusted data. Capability inventory: The workflow utilizes high-privilege agents including qe-test-executor (code execution), qe-security-scanner (dynamic analysis), and qe-test-generator (code generation). Sanitization: No input validation or sanitization is defined for the external data being processed.
- [COMMAND_EXECUTION] (MEDIUM): The workflows orchestrate the execution of arbitrary code and security scans via the qe-test-executor and qe-security-scanner agents. Without explicit sandboxing or privilege constraints defined in these orchestration templates, there is a risk of unauthorized command execution if the input data is malicious.
Recommendations
- AI detected serious security threats
Audit Metadata