The Agent Skills Directory

[SAFE]: The skill is well-documented and its behavior aligns with its stated purpose of providing automated QA reporting. No malicious patterns, obfuscation, or persistence mechanisms were detected.
[COMMAND_EXECUTION]: The skill uses standard shell commands like git diff and ls to analyze the local repository context and identify pages affected by recent changes. This is standard behavior for developer-oriented tools.
[CREDENTIALS_SAFE]: The instructions explicitly mandate the redaction of passwords ([REDACTED]) when documenting reproduction steps, which follows security best practices to prevent sensitive data exposure in reports.
[EXTERNAL_DOWNLOADS]: The skill interacts with external websites and local development servers via browser automation tools. This is the primary function of a QA tool and does not involve downloading or executing unauthorized remote scripts.
[DATA_EXPOSURE]: The skill writes screenshots and reports to the project's local .planning/qa/ directory. No evidence of unauthorized exfiltration of sensitive files or environment variables was found.
[INDIRECT_PROMPT_INJECTION]: Since the skill processes content from external websites, it possesses an inherent attack surface for indirect prompt injection. However, the instructions are focused on systematic testing and reporting rather than executing commands derived from page content, mitigating the risk.

qa-only