qa-workflow
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run test suites using npm test, pytest, and go test. These commands execute code and scripts defined within the project repository under test. If the repository contains malicious test code or build configuration, it could lead to arbitrary code execution on the agent's host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests requirements and task specifications from project files like spec.md and .claude/context/specs/[task-name]-spec.md. An attacker could embed instructions in these files to manipulate the agent into approving a malicious implementation or bypassing quality gates.
  * Ingestion points: .claude/context/specs/[task-name]-spec.md, .claude/context/reports/qa/qa-report.md, spec.md
  * Boundary markers: None identified in the prompt logic.
  * Capability inventory: Bash (test runners), Write, Edit, Grep.
  * Sanitization: No sanitization or validation of external file content is performed before processing.
Audit Metadata