qa-phase
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts, specifically scripts/qa/pre-release-check.sh, to identify structural issues before testing. It also uses curl for L2 API testing and Bash for L5 data flow tests. These operations are scoped to the local environment and the project's testing requirements.
- [PROMPT_INJECTION]: The workflow involves reading design documents and analysis from previous phases to generate test plans, creating an indirect prompt injection surface. This is a common pattern for workflow-oriented skills.
  - Ingestion points: Design documentation and analysis files from the 'Check' phase.
  - Boundary markers: Absent; the skill directly processes external document content.
  - Capability inventory: The skill possesses file-write capabilities (Write, Edit) and shell execution (Bash), allowing it to create and run tests based on ingested data.
  - Sanitization: Not explicitly implemented; however, the skill includes a human-in-the-loop checkpoint, asking the user whether to continue if critical issues are detected during the pre-release scan.
- [REMOTE_CODE_EXECUTION]: The skill dynamically generates test code files and then executes them. While this involves dynamic execution, it is the core functionality of a test automation skill and uses locally generated templates rather than untrusted remote code.
Audit Metadata