qa-phase
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes the local vendor script 'scripts/qa/pre-release-check.sh' and runs Node.js testing frameworks through the Bash tool.
- [EXTERNAL_DOWNLOADS]: Utilizes 'curl' and 'fetch' for Level 2 API testing. This is a legitimate use case for validating network endpoints.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface.
  - Ingestion points: Reads design documents and check phase analysis.
  - Capability inventory: Uses Bash, Write, Edit, and Chrome MCP.
  - Boundary markers: Workflow requires human-in-the-loop confirmation if critical issues are found during the pre-scan.
  - Sanitization: Parses scanner output for status levels (CRITICAL/WARNING) before proceeding.