qa-run
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a controlled workflow runner for manual QA testing, following a strict interactive process with human-in-the-loop verification.
- [SAFE]: It implements defensive constraints by explicitly prohibiting the use of dangerous capabilities such as terminal execution (`no terminal`), database access (`no DB`), or GraphQL queries, even if the user is a developer.
- [SAFE]: No external network dependencies, obfuscation, or remote code execution patterns were detected. The skill operates exclusively on local project files.
- [SAFE]: The skill handles data exposure risks appropriately by restricting its file operations to specific, project-related naming patterns (`qa-plan-*.md` and `qa-results-*.md`) rather than accessing sensitive system or credential files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and executes instructions from external `qa-plan-*.md` files. This is consistent with its primary purpose as a QA runner.
  - Ingestion points: Reads data from `qa-plan-*.md` files in Step 1 and Step 2.
  - Boundary markers: Absent; the skill directly presents plan steps for the agent or user to perform.
  - Capability inventory: Browser CDP (Chrome DevTools Protocol) for UI interaction and file writing to the `qa-results-*.md` file.
  - Sanitization: Absent; the plan content is treated as authoritative testing instructions.
Audit Metadata