quality-playbook
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes automated functional and integration tests. It uses the project's native test runners (such as pytest, JUnit, or npm) to verify the correctness of the generated quality artifacts.
- [DATA_EXFILTRATION]: The skill exhibits a data exposure surface by instructing the agent to search for sensitive files like `.env` to verify configuration for integration tests. It also requests access to AI chat history exports (Claude, Gemini, ChatGPT) to extract design decisions and incident history for building context.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the codebase, specifications, and external chat logs to inform its generation logic.
  - Ingestion points: Project source files, documentation (Phase 1, Step 1), and provided AI chat histories (Phase 1, Step 0).
  - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the ingested data.
  - Capability inventory: The agent has the ability to read and write files and execute shell commands via test runners (Phase 3).
  - Sanitization: No explicit sanitization or filtering of external content is performed before processing.
Audit Metadata