do-execute-qa-bugfix
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an 'Autonomous Execution Policy' labeled as CRITICAL that instructs the agent to NEVER pause or wait for user input, even for intermediate results. This is a pattern used to minimize human oversight and bypass safety controls that rely on user confirmation.
- [COMMAND_EXECUTION]: The skill dynamically identifies and executes scripts from the project's 'package.json' (e.g., 'test', 'typecheck') based on the detected environment. This execution occurs autonomously without user review of the command line.
- [DATA_EXPOSURE]: The skill is instructed to search for and read sensitive project configuration files across different AI tool environments, including '.claude/', '.github/', and '.cursor/rules/'.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: Reads user-provided bug reports ('qa-bugs/*.md'), PRDs, and TechSpecs ('SKILL.md').
  - Boundary markers: Absent. There are no instructions to the agent to treat file content as data only or to ignore embedded instructions found in the bug reports.
  - Capability inventory: Can edit/write files, execute shell commands (npm/pnpm/bun), and invoke MCP tools ('SKILL.md').
  - Sanitization: Absent. No validation of the content within the bug reports is performed before using it for reproduction or implementation steps.
Audit Metadata