skills/pedronauck/skills/qa-execution/Gen Agent Trust Hub

qa-execution

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for quality assurance and uses structured references and templates to guide the agent's behavior. No patterns of prompt injection or malicious overrides were found.
  • [DATA_EXPOSURE]: The skill handles QA artifacts like screenshots and reports within a user-defined or default temporary directory (/tmp/qa-execution-*). This is standard behavior for testing tools and does not involve accessing sensitive system files or exfiltrating private data.
  • [COMMAND_EXECUTION]: The skill utilizes the agent-browser companion tool to perform web interactions. All commands (open, snapshot, click, fill) are legitimate actions for a QA agent and are performed within the context of the user-provided test plan.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests test artifacts (plans, journeys) from a previous qa-report run. While this represents a data ingestion surface, the risk is low as the content is expected to be structured test data, and the skill includes procedures to verify the environment before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 10:26 PM
Security Audit — agent-trust-hub — qa-execution