Skills
skills/nguyenthienthanh/aura-frog/qa-expert

qa-expert

SKILL.md

QA Expert

Establish world-class QA testing processes for any software project using proven methodologies from Google Testing Standards and OWASP security best practices.

When to Use This Skill

Trigger this skill when:

  • Setting up QA infrastructure for a new or existing project
  • Writing standardized test cases (AAA pattern compliance)
  • Executing comprehensive test plans with progress tracking
  • Implementing security testing (OWASP Top 10)
  • Filing bugs with proper severity classification (P0-P4)
  • Generating QA reports (daily summaries, weekly progress)
  • Calculating quality metrics (pass rate, coverage, gates)
  • Preparing QA documentation for third-party team handoffs
  • Enabling autonomous LLM-driven test execution

Quick Start

One-command initialization:

python scripts/init_qa_project.py <project-name> [output-directory]

What gets created:

  • Directory structure (tests/docs/, tests/e2e/, tests/fixtures/)
  • Tracking CSVs (TEST-EXECUTION-TRACKING.csv, BUG-TRACKING-TEMPLATE.csv)
  • Documentation templates (BASELINE-METRICS.md, WEEKLY-PROGRESS-REPORT.md)
  • Master QA Prompt for autonomous execution
  • README with complete quickstart guide

For autonomous execution (recommended): See references/master_qa_prompt.md - single copy-paste command for 100x speedup.

Core Capabilities

1. QA Project Initialization

Initialize complete QA infrastructure with all templates:

python scripts/init_qa_project.py <project-name> [output-directory]

Creates directory structure, tracking CSVs, documentation templates, and master prompt for autonomous execution.

Use when: Starting QA from scratch or migrating to structured QA process.

2. Test Case Writing

Write standardized, reproducible test cases following AAA pattern (Arrange-Act-Assert):

  1. Read template: assets/templates/TEST-CASE-TEMPLATE.md
  2. Follow structure: Prerequisites (Arrange) → Test Steps (Act) → Expected Results (Assert)
  3. Assign priority: P0 (blocker) → P4 (low)
  4. Include edge cases and potential bugs

Test case format: TC-[CATEGORY]-[NUMBER] (e.g., TC-CLI-001, TC-WEB-042, TC-SEC-007)

Reference: See references/google_testing_standards.md for complete AAA pattern guidelines and coverage thresholds.

3. Test Execution & Tracking

Ground Truth Principle (critical):

  • Test case documents (e.g., 02-CLI-TEST-CASES.md) = authoritative source for test steps
  • Tracking CSV = execution status only (do NOT trust CSV for test specifications)
  • See references/ground_truth_principle.md for preventing doc/CSV sync issues

Manual execution:

  1. Read test case from category document (e.g., 02-CLI-TEST-CASES.md) ← always start here
  2. Execute test steps exactly as documented
  3. Update TEST-EXECUTION-TRACKING.csv immediately after EACH test (never batch)
  4. File bug in BUG-TRACKING-TEMPLATE.csv if test fails

Autonomous execution (recommended):

  1. Copy master prompt from references/master_qa_prompt.md
  2. Paste to LLM session
  3. LLM auto-executes, auto-tracks, auto-files bugs, auto-generates reports

Innovation: 100x faster vs manual + zero human error in tracking + auto-resume capability.

4. Bug Reporting

File bugs with proper severity classification:

Required fields:

  • Bug ID: Sequential (BUG-001, BUG-002, ...)
  • Severity: P0 (24h fix) → P4 (optional)
  • Steps to Reproduce: Numbered, specific
  • Environment: OS, versions, configuration

Severity classification:

  • P0 (Blocker): Security vulnerability, core functionality broken, data loss
  • P1 (Critical): Major feature broken with workaround
  • P2 (High): Minor feature issue, edge case
  • P3 (Medium): Cosmetic issue
  • P4 (Low): Documentation typo

Reference: See BUG-TRACKING-TEMPLATE.csv for complete template with examples.

5. Quality Metrics Calculation

Calculate comprehensive QA metrics and quality gates status:

python scripts/calculate_metrics.py <path/to/TEST-EXECUTION-TRACKING.csv>

Metrics dashboard includes:

  • Test execution progress (X/Y tests, Z% complete)
  • Pass rate (passed/executed %)
  • Bug analysis (unique bugs, P0/P1/P2 breakdown)
  • Quality gates status (✅/❌ for each gate)

Quality gates (all must pass for release):

Gate Target Blocker
Test Execution 100% Yes
Pass Rate ≥80% Yes
P0 Bugs 0 Yes
P1 Bugs ≤5 Yes
Code Coverage ≥80% Yes
Security 90% OWASP Yes

6. Progress Reporting

Generate QA reports for stakeholders:

Daily summary (end-of-day):

  • Tests executed, pass rate, bugs filed
  • Blockers (or None)
  • Tomorrow's plan

Weekly report (every Friday):

  • Use template: WEEKLY-PROGRESS-REPORT.md (created by init script)
  • Compare against baseline: BASELINE-METRICS.md
  • Assess quality gates and trends

Reference: See references/llm_prompts_library.md for 30+ ready-to-use reporting prompts.

7. Security Testing (OWASP)

Implement OWASP Top 10 security testing:

Coverage targets:

  1. A01: Broken Access Control - RLS bypass, privilege escalation
  2. A02: Cryptographic Failures - Token encryption, password hashing
  3. A03: Injection - SQL injection, XSS, command injection
  4. A04: Insecure Design - Rate limiting, anomaly detection
  5. A05: Security Misconfiguration - Verbose errors, default credentials
  6. A07: Authentication Failures - Session hijacking, CSRF
  7. Others: Data integrity, logging, SSRF

Target: 90% OWASP coverage (9/10 threats mitigated).

Each security test follows AAA pattern with specific attack vectors documented.

Day 1 Onboarding

For new QA engineers joining a project, complete 5-hour onboarding guide:

Read: references/day1_onboarding.md

Timeline:

  • Hour 1: Environment setup (database, dev server, dependencies)
  • Hour 2: Documentation review (test strategy, quality gates)
  • Hour 3: Test data setup (users, CLI, DevTools)
  • Hour 4: Execute first test case
  • Hour 5: Team onboarding & Week 1 planning

Checkpoint: By end of Day 1, environment running, first test executed, ready for Week 1.

Autonomous Execution (⭐ Recommended)

Enable LLM-driven autonomous QA testing with single master prompt:

Read: references/master_qa_prompt.md

Features:

  • Auto-resume from last completed test (reads tracking CSV)
  • Auto-execute test cases (Week 1-5 progression)
  • Auto-track results (updates CSV after each test)
  • Auto-file bugs (creates bug reports for failures)
  • Auto-generate reports (daily summaries, weekly reports)
  • Auto-escalate P0 bugs (stops testing, notifies stakeholders)

Benefits:

  • 100x faster execution vs manual
  • Zero human error in tracking
  • Consistent bug documentation
  • Immediate progress visibility

Usage: Copy master prompt, paste to LLM, let it run autonomously for 5 weeks.

Adapting for Your Project

Small Project (50 tests)

  • Timeline: 2 weeks
  • Categories: 2-3 (e.g., Frontend, Backend)
  • Daily: 5-7 tests
  • Reports: Daily summary only

Medium Project (200 tests)

  • Timeline: 4 weeks
  • Categories: 4-5 (CLI, Web, API, DB, Security)
  • Daily: 10-12 tests
  • Reports: Daily + weekly

Large Project (500+ tests)

  • Timeline: 8-10 weeks
  • Categories: 6-8 (multiple components)
  • Daily: 10-15 tests
  • Reports: Daily + weekly + bi-weekly stakeholder

Reference Documents

Access detailed guidelines from bundled references:

  • references/day1_onboarding.md - 5-hour onboarding guide for new QA engineers
  • references/master_qa_prompt.md - Single command for autonomous LLM execution (100x speedup)
  • references/llm_prompts_library.md - 30+ ready-to-use prompts for specific QA tasks
  • references/google_testing_standards.md - AAA pattern, coverage thresholds, fail-fast validation
  • references/ground_truth_principle.md - Preventing doc/CSV sync issues (critical for test suite integrity)

Assets & Templates

Test case templates and bug report formats:

  • assets/templates/TEST-CASE-TEMPLATE.md - Complete template with CLI and security examples

Scripts

Automation scripts for QA infrastructure:

  • scripts/init_qa_project.py - Initialize QA infrastructure (one command setup)
  • scripts/calculate_metrics.py - Generate quality metrics dashboard

Common Patterns

Pattern 1: Starting Fresh QA

1. python scripts/init_qa_project.py my-app ./
2. Fill in BASELINE-METRICS.md (document current state)
3. Write test cases using assets/templates/TEST-CASE-TEMPLATE.md
4. Copy master prompt from references/master_qa_prompt.md
5. Paste to LLM → autonomous execution begins

Pattern 2: LLM-Driven Testing (Autonomous)

1. Read references/master_qa_prompt.md
2. Copy the single master prompt (one paragraph)
3. Paste to LLM conversation
4. LLM executes all 342 test cases over 5 weeks
5. LLM updates tracking CSVs automatically
6. LLM generates weekly reports automatically

Pattern 3: Adding Security Testing

1. Read references/google_testing_standards.md (OWASP section)
2. Write TC-SEC-XXX test cases for each OWASP threat
3. Target 90% coverage (9/10 threats)
4. Document mitigations in test cases

Pattern 4: Third-Party QA Handoff

1. Ensure all templates populated
2. Verify BASELINE-METRICS.md complete
3. Package tests/docs/ folder
4. Include references/master_qa_prompt.md for autonomous execution
5. QA team can start immediately (Day 1 onboarding → 5 weeks testing)

Success Criteria

This skill is effective when:

  • ✅ Test cases are reproducible by any engineer
  • ✅ Quality gates objectively measured
  • ✅ Bugs fully documented with repro steps
  • ✅ Progress visible in real-time (CSV tracking)
  • ✅ Autonomous execution enabled (LLM can execute full plan)
  • ✅ Third-party QA teams can start testing immediately
Weekly Installs
1
Repository
nguyenthienthanh/aura-frog
Installed on
windsurf1
opencode1
codex1
claude-code1
antigravity1
gemini-cli1