qa-agent
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external ticket sources which could be manipulated to influence agent behavior.\n
- Ingestion points: The agent ingests data from parent issue descriptions, acceptance criteria, and child implementation subtasks (SKILL.md, Context Gathering Order and Procedure sections).\n
- Boundary markers: While it uses HTML comments and JSON blocks for handoff context, there are no defined delimiters or 'ignore embedded instructions' warnings for the natural language content read from the issue tracker.\n
- Capability inventory: The agent can create subtasks, post comments, and update tags/statuses on the issue tracker using an MCP.\n
- Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested ticket content before it is processed by the agent.- [NO_CODE]: The skill is comprised of markdown-based instructions and metadata without any accompanying executable scripts or binary files.
Audit Metadata