uc-interviewer

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its document processing workflow.
      • Ingestion points: The skill uses a Read tool in Phase 0.1 to ingest content from user-provided Business Requirement Documents (BRD).
      • Boundary markers: The prompt does not define clear delimiters or specific instructions to ignore embedded commands within the ingested BRD content.
      • Capability inventory: The agent has the ability to read files, track state via TodoWrite, interact with the user via AskUserQuestion, and write Markdown files to the local file system.
      • Sanitization: No explicit sanitization or filtering of the BRD content is performed before processing; however, the skill's design requires human confirmation for every journey step and priority, which provides a significant behavioral safeguard against accidental obedience to injected instructions.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 7, 2026, 10:14 PM