Skills
skills/shaul1991/shaul-agents-plugin/qa-analyst/Gen Agent Trust Hub

qa-analyst

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill utilizes Bash to execute performance testing tools such as Apache Bench (ab) and wrk, as well as docker stats for resource monitoring. These tools are consistent with the 'QA Analyst' persona and are used for their intended purpose.
  • EXTERNAL_DOWNLOADS (LOW): The allowed-tools metadata grants access to curl and npm. The provided examples show curl being used to interact with https://api-nest.shaul.link. While the domain is not on the predefined trusted list, the usage is limited to health checks and response time measurement.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and analyze external data via Read, Grep, and network responses, creating a surface for potential indirect injection.
  • Ingestion points: Tool outputs from curl, Read, and Grep used for metric analysis.
  • Boundary markers: No specific delimiters or 'ignore' instructions are present to prevent the agent from interpreting instructions within test data.
  • Capability inventory: Subprocess execution via Bash (curl, docker, npm).
  • Sanitization: No sanitization or validation of external content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:46 PM