qe-exploratory-testing-advanced
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No executable code or scripts are included in the skill. The content consists entirely of markdown documentation, YAML metadata, and illustrative code snippets that are not part of any executable runtime.
- [PROMPT_INJECTION]: Indirect Injection Surface. The skill describes a workflow where agents ingest data from external systems under test (SUT) which introduces a vulnerability surface.
  1. Ingestion points: Notes, screenshots, and findings from the SUT documented in SKILL.md.
  2. Boundary markers: None defined for separating untrusted test data from agent instructions.
  3. Capability inventory: Illustrative examples of agent tasks and fleet coordination via Task() and FleetManager.
  4. Sanitization: No sanitization methods are proposed for the data captured during exploration.

  This is noted as an inherent risk of the described methodology rather than a direct vulnerability in the skill's code.