qa-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface. The utility scripts `scripts/generate_test_plan.py` and `scripts/coverage_analysis.py` take user input via command-line arguments and interpolate it directly into Markdown templates without sanitization. If the agent later reads these generated files, it could execute instructions embedded by a malicious user.
  - Ingestion points: CLI arguments `--name` and `--owner` in both Python scripts.
  - Boundary markers: Absent; the generated markdown does not use delimiters to isolate user-provided content.
  - Capability inventory: The skill is granted broad permissions including Bash, Write, and WebFetch tools.
  - Sanitization: Absent; input strings are directly inserted into the markdown output.
- [COMMAND_EXECUTION] (SAFE): The skill documentation suggests using standard development commands (e.g., `npm audit`, `npm test`, `npm run lint`) for quality gates. These are standard practices and are not executed automatically in a hidden or malicious manner.
- [EXTERNAL_DOWNLOADS] (SAFE): Links to external resources like the Google Testing Blog are provided for documentation purposes only. No automated script downloads or remote code execution patterns were detected.
Audit Metadata