doc-stest-autopilot
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it ingests and acts upon untrusted data from multiple sources.
- Ingestion points: The skill accepts data through
--ref,--prompt, and--iplanarguments and reads upstream documents such as EARS, BDD, REQ, and SPEC artifacts as defined in theSKILL.mdworkflow. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are specified for the processing of these external inputs.
- Capability inventory: The orchestration flow involves writing files (STEST reports and documents), executing other skills like
doc-stest-auditanddoc-stest-fixer, and running a local Python validation scriptai_dev_ssd_flow/10_TSPEC/scripts/validate_stest.py. - Sanitization: There is no mention of sanitization or validation of the content within ingested artifacts before they are used to generate or modify documentation, potentially allowing malicious content to influence the agent's behavior during the audit and fix phases.
Audit Metadata