quality-playbook
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is explicitly designed to generate and execute automated functional and integration tests. It uses standard language-specific test runners (e.g., pytest, mvn test, go test, npm test) to execute the generated code within the local environment. This capability is central to the skill's documented purpose of establishing a quality system.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the codebase and user-provided AI chat histories (Claude/Gemini/ChatGPT exports) to generate test logic, creating an indirect prompt injection surface. Ingestion points: Project source code, documentation files, and folders containing AI chat transcripts provided by the user. Boundary markers: No specific delimiters or instructions to ignore embedded prompts are implemented in the ingestion process. Capability inventory: Writing files to the project directory and executing system commands via standard test runners. Sanitization: The skill does not describe specific sanitization of input data before its use in generation tasks.
Audit Metadata