senior-qa
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The SKILL.md references requirements.txt and package.json for installation, but these files are missing from the skill. This prevents verification of third-party dependencies and could lead to the installation of malicious packages.
- [Indirect Prompt Injection] (LOW): The skill's architecture is designed to ingest external project data for analysis. This creates a vulnerability surface where malicious code or comments in the target project could influence the AI agent's behavior during the QA process.
- [Command Execution] (INFO): SKILL.md documentation mentions high-privilege commands like kubectl apply and docker build; while these are user-facing examples, they highlight the privileged context in which a QA agent using this skill might operate.
Audit Metadata