unit-test-shifting-left-from-requirements
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external requirements, user stories, and PRDs, creating a surface for indirect prompt injection.
  - Ingestion points: Step 1 in SKILL.md parses provided requirements documents to extract testable criteria.
  - Boundary markers: There are no specific delimiters or instructions to ignore embedded commands within the processed requirements.
  - Capability inventory: The skill produces test skeletons and Gherkin scenarios; while it does not execute code itself, its outputs are intended to be integrated into developer environments.
  - Sanitization: No explicit sanitization, validation, or filtering of the source requirement text is defined to mitigate the risk of processing malicious instructions embedded in the documentation.