shift-left-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- Prompt Injection (SAFE): No evidence of direct prompt injection, system prompt extraction, or safety filter bypass attempts.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network communication patterns detected.
- Obfuscation (SAFE): No Base64, zero-width characters, or other encoding techniques used to hide malicious content.
- Indirect Prompt Injection (LOW): The skill exposes a potential attack surface because it ingests external data, such as user stories and requirements, that is then processed by other agents.
  1. Ingestion points: userStories, requirements variables (SKILL.md).
  2. Boundary markers: None defined in the provided templates.
  3. Capability inventory: Uses Task calls to trigger external agent actions (qe-test-generator).
  4. Sanitization: No explicit sanitization or validation logic provided in the markdown templates.
- Execution (SAFE): The skill provides descriptive examples of CI/CD pipeline configurations (GitHub Actions) but does not execute these commands or download external scripts itself.
Audit Metadata