qa-team
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs agents to read configuration files located in the user's home directory, specifically targeting paths such as ~/.claude/agents/quality-engineer.md and ~/.claude/agents/gui-phd-web-electron.md. Accessing sensitive configuration files outside the project workspace is a data exposure risk.
- [PROMPT_INJECTION]: The skill processes untrusted content from the application under test (web pages, mobile UI trees, macOS UI elements), creating a surface for indirect prompt injection where malicious data in the target application could influence agent behavior.
- Ingestion points: The skill uses mcp__claude-in-chrome__read_page, mcp__ios-simulator__ui_describe_all, and mcp__mac-mcp-server__get_ui_elements to ingest external UI data.
- Boundary markers: Absent. The instructions do not provide delimiters or specific 'ignore' directives to prevent agents from obeying instructions found within the tested application's data.
- Capability inventory: The agents have access to a wide range of tools, including Bash, Write, Edit, and platform-specific UI interaction tools (click, type, tap).
- Sanitization: Absent. Content is analyzed directly by the language model without prior filtering or sanitization.
Audit Metadata