ultraqa
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (test and build outputs) and uses it to drive an autonomous code-fixing cycle, creating a surface for indirect prompt injection.
- Ingestion points: Command outputs from tests, builds, and linting processes are read into the agent context in SKILL.md.
- Boundary markers: Absent. The prompts for the 'architect' and 'executor' sub-agents do not employ delimiters or instructions to treat data as untrusted.
- Capability inventory: The skill has the ability to execute shell commands and modify project files through the 'executor' sub-agent.
- Sanitization: There is no evidence of sanitization or filtering applied to command outputs before they are processed by the reasoning model.
- [COMMAND_EXECUTION]: The skill executes shell commands based on user-provided arguments (e.g., test, build, lint) and performs file system operations such as removing state files (rm -f .omc/state/ultraqa-state.json).
Audit Metadata