qa-project-context
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a centralized metadata file (.agents/qa-project-context.md) designed to be read by all other skills in the collection. This introduces a surface for indirect prompt injection. Ingestion point: .agents/qa-project-context.md. Boundary markers: Absent. Capability inventory: Downstream skills use this file to prioritize automation and configure test suites. Sanitization: Not provided.
- [DATA_EXFILTRATION]: The skill gathers and stores sensitive project metadata including production and staging URLs, technology stack details, and high-impact risk areas. While intended for context sharing, this architectural documentation maps the project internal infrastructure and attack surface.
- [SAFE]: The skill uses standard interactive discovery questions and project file scanning to assist the user. It does not perform unauthorized network requests or execute untrusted remote code.
Audit Metadata