quality-postmortem
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely composed of markdown instructions and templates for quality assurance processes. It contains no executable scripts, command-line operations, or network requests.
- [DATA_EXPOSURE]: No sensitive file paths or credentials were found. The skill suggests reading a local configuration file (
.agents/qa-project-context.md), which is a standard practice for providing project-specific context to an agent and does not constitute a security risk. - [PROMPT_INJECTION]: The instructions are professional and focused on systemic improvement. There are no attempts to override agent safety guidelines, bypass constraints, or extract system prompts.
- [INDIRECT_PROMPT_INJECTION]: While the skill involves reading external project context and processing bug reports (an ingestion surface), the instructions are highly structured and do not involve executing or evaluating the content of those inputs in a dangerous way. As per the security guidelines, this is considered a low-risk surface inherent to the skill's primary purpose.
Audit Metadata