qa-agent
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources (issue tracker descriptions and comments), presenting a surface for indirect prompt injection. This is mitigated by its structured interaction protocol and limited tool permissions.
  - Ingestion points: Reads parent issue ID, requirements, and handoff comments (SKILL.md context gathering steps).
  - Boundary markers: Employs specific `<!-- OPEN-ORCHESTRA-HANDOFF -->` markers and JSON schemas to delimit untrusted content.
  - Capability inventory: Interaction is restricted to the configured `issue_tracker` MCP (creating subtasks, adding tags/comments, and updating status).
  - Sanitization: Relies on parsing structured JSON objects for execution state rather than raw natural language instructions.
- [SAFE]: No patterns of data exfiltration, credential theft, or unauthorized network access were detected. The skill only accesses local configuration (`/orchestra-config.json`) to establish its operational environment and uses an abstracted tool interface (MCP) for ticket management.
Audit Metadata