qa-expert
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override system behavior were detected. The instructional content is restricted to QA methodology.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive data exfiltration patterns were found. Database connection examples use standard local development defaults.
- [Unverifiable Dependencies] (SAFE): Onboarding documentation mentions standard package managers (npm, pnpm) and repository cloning for environment setup, which is consistent with the skill's purpose.
- [Dynamic Execution] (SAFE): Python scripts used for metrics and validation perform local file reading and string manipulation using standard libraries. No use of eval(), exec(), or unsafe deserialization was observed.
- [Indirect Prompt Injection] (LOW): The skill processes external data (CSV and Markdown).
- Ingestion points: calculate_metrics.py reads a user-specified CSV path; validate_test_ids.py reads markdown and CSV paths.
- Boundary markers: Absent.
- Capability inventory: Limited to file reading and console output; no network or subprocess capabilities are present in the scripts themselves.
- Sanitization: None; however, the impact is negligible as the scripts only perform count-based arithmetic and regex matching.
Audit Metadata