QA

The provided SKILL.md file is a purely descriptive document detailing how an AI agent should perform Quality Assurance tasks. It defines phases, scope determination, test plan creation, approval, and execution, including how a 'QA Test Manager' subagent should behave.

1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override', 'You are now [unrestricted]') were found in the skill's instructions or metadata.
2. Data Exfiltration: The skill instructs the agent to read local files (PLAN.md, recently modified files) for context and to create local files (TEST_PLAN.md, REPORT.md). There are no instructions to access sensitive system files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or to transmit data to external, non-whitelisted domains.
3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, Unicode homoglyphs, or URL/hex/HTML encoding were detected within the markdown content.
4. Unverifiable Dependencies: The skill describes spawning internal subagents using the /subagent skill and the Task tool, which are part of the agent's framework. It does not instruct the agent to install external packages (npm install, pip install) or clone repositories from unverified sources.
5. Privilege Escalation: No commands or instructions for privilege escalation (e.g., sudo, chmod 777, modification of system files) are present.
6. Persistence Mechanisms: There are no instructions to establish persistence (e.g., modifying .bashrc, creating cron jobs, altering authorized_keys).
7. Metadata Poisoning: The skill's metadata (name, description, version) is clean and accurately reflects its purpose, with no hidden malicious instructions.
8. Indirect Prompt Injection: The skill instructs the agent to gather context from PLAN.md, user descriptions, and recently modified files. While the skill itself does not contain indirect prompt injection, any skill that processes external, untrusted content is inherently susceptible to it. This is noted as an informational risk for the agent's operational environment, not a vulnerability in the skill's code.
9. Time-Delayed / Conditional Attacks: No conditional logic based on time, usage, or environment variables that would trigger delayed or specific malicious behavior was found.

Overall, the skill is a set of instructions for an AI agent and does not contain any executable code or direct security vulnerabilities. It is categorized as 'NO_CODE' and deemed 'SAFE'.