qa
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly generates and executes Python scripts (scripts/test_xxx_api.py, scripts/test_flow.py) and runs UI tests via Playwright in Stage 5. While this is the intended functionality for a QA tool, executing dynamically generated code carries inherent risks.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The agent writes code to the local file system and subsequently executes it. This execution loop relies on analyzing files in sibling directories (../pm/ and ../rd/), which may not be under the same trust boundary as the skill itself.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: Files are read from ../pm/prd/index.csv, ../pm/prd/{需求名}/requirement.md, and ../rd/dev/{需求名}/plan.md.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are defined when processing these external files.
  - Capability inventory: The skill has the ability to write files, execute Python scripts, and launch Playwright for browser-based testing.
  - Sanitization: There is no evidence of sanitization or validation of the input data before it is interpolated into the code generation prompt.
Audit Metadata