dev-swarm-code-test
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external, potentially untrusted markdown files to determine its actions.
  - Ingestion points: Processes data from '10-sprints/', 'features/', '04-prd/', and '07-tech-specs/'.
  - Boundary markers: The prompt does not specify delimiters or instructions for the agent to ignore embedded commands within these files.
  - Capability inventory: The skill has the ability to execute shell commands ('curl'), write and run code (tests), and perform git operations.
  - Sanitization: No content validation or sanitization routines are defined for the ingested data.
- [COMMAND_EXECUTION]: The skill uses shell commands and code execution as part of its primary testing functionality.
  - Evidence: The instructions explicitly prioritize the use of 'curl' and the execution of automated test suites.
  - Context: These capabilities are necessary for the skill's role as a QA Engineer but could be abused if the input data is compromised.