test-strategy
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from a local file .agents/qa-project-context.md to gather project details. While this is an entry point for external data, it is used here for document templating. Ingestion points: .agents/qa-project-context.md. Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the context file content. Capability inventory: The skill body references benign shell commands (find, npx vitest) for gathering test counts. Sanitization: No sanitization or validation of the context file content is performed.
- [COMMAND_EXECUTION]: The skill includes shell command templates (e.g., npx vitest, find) in references/strategy-templates.md for analyzing the current test distribution. These are standard utility commands for the intended purpose and do not represent a malicious threat.
Audit Metadata