qa-run
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes flow specifications from the
qa/browser-flowsdirectory. While this constitutes an ingestion surface for external instructions, it is the primary purpose of the skill. - Ingestion points: Flow specification files and documentation located in the
qa/browser-flows/path. - Boundary markers: No explicit delimiters are used for the external flow content, though the skill provides a clear execution context for the agent.
- Capability inventory: The skill can navigate to arbitrary URLs via the
--base-urlargument, capture screenshots, and write files to the local filesystem. - Sanitization: The instructions explicitly mandate that reports must be kept free of secrets, using placeholders for any sensitive values.
- [EXTERNAL_DOWNLOADS]: The skill is designed to interact with external web services including Gmail, Outlook, and the specified application URL. These interactions are intrinsic to its function as a QA automation tool.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill writes test results and screenshots to the
qa/browser-flows/results/directory. The instructions include a specific safeguard against credential exposure in these reports.
Audit Metadata