ultraqa
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external command outputs and passes it to subsequent agent roles like the architect and executor.
  - Ingestion points: The skill reads output from tests, builds, and custom commands in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are present when passing data to the delegate roles.
  - Capability inventory: The skill has the ability to execute shell commands and modify files via the executor role.
  - Sanitization: No sanitization, escaping, or validation of external command output is performed before it is used to influence next steps.
- [COMMAND_EXECUTION]: The skill executes arbitrary project-level commands (test, build, lint, typecheck) based on user-provided arguments.
  - Evidence: Commands are executed through the cycle workflow in SKILL.md, which allows for the execution of local scripts and binaries.