qa-assistant

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is strictly read-only and explicitly forbids modifying code, moving files, or deleting resources.
  • [DATA_EXPOSURE]: The skill relies on tools like read_file, grep_search, and semantic_search to analyze the project. While intended for legitimate QA, this capability could be used to read sensitive configuration files if they are present in the project scope and not excluded by environment-level permissions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
      • Ingestion points: Processes content from docs/, components/, server/, and composables/ using read_file or grep_search.
      • Boundary markers: Absent. The instructions do not specify delimiters or provide directives to ignore potential instructions embedded within the ingested code or documentation.
      • Capability inventory: Limited to read_file, grep_search, and semantic_search as per the instructions. No write, network, or execution capabilities are requested within the skill text.
      • Sanitization: Absent. Content is processed as-is to generate answers.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 11:54 AM