ultraqa
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from test and build outputs which are then used to inform autonomous file modifications.
  - Ingestion points: Command output from tests, builds, and linting is passed to the 'architect' sub-agent for diagnosis in the 'Cycle Workflow'.
  - Boundary markers: No specific delimiters or safety instructions are used to separate the untrusted command output from the architect's diagnosis prompt.
  - Capability inventory: The 'executor' sub-agent is instructed to apply fixes 'precisely as recommended' by the architect, which involves file-write operations.
  - Sanitization: No evidence of sanitization or validation of the command output before it is interpolated into sub-agent prompts.
- Command Execution (LOW): The skill executes arbitrary shell commands based on user input (e.g., custom test commands) and performs file cleanup using 'rm -f'. While standard for a developer tool, this behavior constitutes an attack surface. The severity is reduced because these operations are essential to the primary goal of automated QA.