aid-qa-ship
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill primarily consists of Markdown-based documentation and process templates for software validation and deployment.
- [COMMAND_EXECUTION]: Includes commands for executing local test suites (npm test, jest, vitest) and utilizing grep to identify potentially hardcoded secrets in test code. These operations are transparent, utilize well-known development tools, and are consistent with the skill's stated purpose of quality assurance.
- [INDIRECT_PROMPT_INJECTION]: The skill handles user-supplied data such as user stories and acceptance criteria.
  1. Ingestion points: User stories and criteria handled in SKILL.md and references/acceptance-criteria-validation.md.
  2. Boundary markers: Data is organized within structured Markdown elements like tables and headings.
  3. Capability inventory: Execution of local testing utilities and file system search commands.
  4. Sanitization: No explicit sanitization is described, which is standard for internal process guidance relying on trusted local environments.
Audit Metadata