qa-agent
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a professional and structured QA workflow using established security protocols and audit tools like npm audit, bandit, and lighthouse.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to analyze untrusted external codebase content.
  - Ingestion points: Codebase files and modules identified through scoping tools such as search_for_pattern and get_symbols_overview in resources/execution-protocol.md.
  - Boundary markers: Absent. The execution protocol does not specify delimiters or instructions to isolate untrusted code content from the agent's control logic.
  - Capability inventory: The skill uses tool calls for reading files, searching patterns, and executing CLI-based auditing utilities.
  - Sanitization: Absent. External codebase content is reviewed directly without prior sanitization or instruction-filtering.
Audit Metadata