qa-systematic
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically identifies and runs test commands such as 'make test', 'npm test', or 'pytest' by inspecting project files like 'package.json' and 'Makefile' via project detection logic.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it systematically explores and processes content from target web applications during testing.
- Ingestion points: Web page HTML, navigation structures, and form elements collected in Phase 3 and Phase 4.
- Boundary markers: Not specified; the agent lacks explicit delimiters to distinguish between target application data and internal QA instructions.
- Capability inventory: Browser automation (Playwright/Puppeteer) and shell command execution (test runners).
- Sanitization: No methods for sanitizing or validating external web content are mentioned in the skill instructions.
- [EXTERNAL_DOWNLOADS]: The skill depends on external browser automation frameworks such as Playwright, Puppeteer, or Cypress, and attempts to utilize them if found on the system PATH.
- [CREDENTIALS_UNSAFE]: The authentication workflow involves requesting or utilizing user-provided credentials to test password-protected features of the target application.
Audit Metadata