qa-systematic
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically detects and executes project-specific test commands (e.g.,
npm run test,pytest,make test,cargo test) based on the detected framework and lock files. While this is expected functionality for a QA tool, it involves executing shell commands derived from the project environment. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes data from external websites.
- Ingestion points: Navigates to user-provided URLs and parses page content, metadata, and console logs (SKILL.md, Phase 4).
- Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions potentially embedded in the HTML or console output of the site being tested.
- Capability inventory: The skill possesses browser automation capabilities (interaction, navigation), the ability to read the local file system (project detection), and the ability to write reports to the disk.
- Sanitization: No sanitization or filtering of the ingested web content is defined before the agent processes it for issue classification.
Audit Metadata