qa-advanced
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Playwright tests via the 'npx playwright test' command. This is standard behavior for a QA tool.
- [DYNAMIC_EXECUTION]: The skill generates Playwright test scripts at runtime based on local project metadata and user-provided JSON test data.
- [DATA_INGESTION]: (Indirect Prompt Injection Surface) 1. Ingestion points: Reads 'qa-tracker.json', variants JSON files, and local source code files like e2e specs and API hooks. 2. Boundary markers: Employs a structured JSON schema ('qa-variants-v1') for variant data. 3. Capability inventory: Executes shell commands via npx and performs file system writes to create test scripts. 4. Sanitization: Relies on structured JSON parsing and uses predefined code templates for test generation.
Audit Metadata