quality-gate
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted data from external sources.
  - Ingestion points: Processes content from `issue/PR links`, `Requirements in scope`, and `Files changed / diff`.
  - Boundary markers: The instructions do not define clear delimiters or escaping mechanisms to prevent the LLM from following instructions embedded within the code or requirements documents being audited.
  - Capability inventory: The skill orchestrates multiple specialist passes including `ubs-scanner`, `security-audit`, and execution of project-specific test/build commands.
  - Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent or passed to downstream tools.
- COMMAND_EXECUTION (LOW): The workflow explicitly instructs the agent to "Prefer running the project’s actual commands" to record evidence. While this is the intended primary purpose of a verification lead skill, it creates a risk where a malicious PR could modify local build scripts or test configurations to execute arbitrary code when the agent attempts to run the 'actual commands' for validation.