qe-iterative-loop
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands including `npm test`, `npm run lint`, `npx tsc --noEmit`, and `npm audit`. These are standard commands for quality assurance and security auditing in JavaScript/TypeScript environments.
- [EXTERNAL_DOWNLOADS]: Uses `npm` and `npx`, which interface with the npm registry (a well-known service) to run or install packages. This is standard behavior for the described QE tasks.
- [DYNAMIC_EXECUTION]: The skill facilitates an iterative 'Test-Fix Loop' where the agent analyzes failures, modifies production or test code, and re-runs the suite. This behavior is the primary intended purpose of the skill and is constrained within the development/test environment.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The agent parses output from `npm test`, coverage reports, and contract validation results to decide subsequent actions.
  - Boundary markers: Completion is signaled using structured `<promise>` tags (e.g., `<promise>TESTS_GREEN</promise>`).
  - Capability inventory: The agent can modify local files, execute shell commands via `npm`/`npx`, and interact with specialized QE tools through MCP (Model Context Protocol).
  - Sanitization: The skill does not explicitly define sanitization for test outputs, but the impact is localized to the testing iteration cycle.
Audit Metadata