Skills
skills/testomatio/skills/generate-test-cases/Gen Agent Trust Hub

generate-test-cases

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external and potentially untrusted sources (Jira, Confluence, Figma, and project source code) to generate checklists and test cases. The instructions do not require the use of boundary markers or sanitization when interpolating this external content into the agent context.
  • Ingestion points: Processes data from the user prompt, Jira issues, Confluence pages, Figma mockups, workspace source code, and Testomat.io TMS (via MCP).
  • Boundary markers: The skill lacks explicit instructions for using delimiters or 'ignore' warnings for the ingested content.
  • Capability inventory: Accesses workspace files, performs searches via MCP tools, and writes local markdown files (.md).
  • Sanitization: No validation or filtering of external content is mentioned in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 04:28 PM