Skills
skills/oimiragieo/agent-studio/qa-workflow/Gen Agent Trust Hub

qa-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external content from local project files such as specifications and test reports to verify implementation requirements. This creates a surface for indirect prompt injection.
  • Ingestion points: Reads requirements from .claude/context/specs/[task-name]-spec.md and spec.md, as well as QA reports from .claude/context/reports/qa/qa-report.md.
  • Boundary markers: Absent. The skill does not define specific delimiters to isolate external file content from its own instructions.
  • Capability inventory: The skill utilizes Bash, Write, and Edit tools, allowing for command execution and file modification.
  • Sanitization: Absent. Content from ingested files is processed without validation or sanitization.
  • [COMMAND_EXECUTION]: The skill executes standard development and testing commands to verify the software implementation.
  • Commands: Runs npm test, pytest, go test ./..., and npm run dev to validate code.
  • Network: Uses curl http://localhost:3000/health to verify that local services are running correctly during testing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 02:01 AM