qe-iterative-loop
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a wide range of standard development tools including npm test, npm run lint, npm run typecheck, npm audit, and npx tsc. These commands are used to evaluate and improve code quality through autonomous iteration loops.
- [SAFE]: The skill references an external GitHub repository (github.com/proffesor-for-testing/agentic-qe) which belongs to the skill author and is considered a vendor-owned resource.
- [SAFE]: No obfuscation, hardcoded credentials, or unauthorized network operations were detected in the instructions or metadata.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by processing untrusted data from the local environment and external sources.
  - Ingestion points: The skill parses output from test runners (e.g., npm test), coverage reports (e.g., c8, istanbul), and quality gate check results.
  - Boundary markers: No explicit boundary markers or instructions to disregard embedded commands within the processed tool outputs are defined.
  - Capability inventory: The agent can execute shell commands (npm, npx), manage tasks via MCP tools (mcp__agentic-qe__task_orchestrate), and access persistent memory.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the external tool output before it is used to influence the iteration loop's decision-making logic.
Audit Metadata