doc-sectest
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines multiple commands to execute local Python and Bash scripts for validation, such as validate_sectest.py, validate_all_tspec.sh, and validate_tspec_quality_score.sh. These scripts are used to enforce schema compliance and quality gates for generated artifacts.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and references various upstream artifacts (BRD, PRD, BDD, etc.) to generate security tests.
- Ingestion points: Processes data from files listed in upstream_artifacts (BRD, PRD, EARS, BDD, ADR, SYS, REQ, CTR, SPEC).
- Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore embedded commands within the ingested documents.
- Capability inventory: Executes local Python and shell scripts and performs file write operations to structured directory paths.
- Sanitization: Absent; no explicit sanitization or filtering logic is described for the content extracted from external documents.
- [SAFE]: The skill includes explicit safety rules, mandating that security tests must run in isolated environments and never against production systems. No obfuscation, hardcoded credentials, or unauthorized network operations were found.