qa-demo-stand

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform destructive infrastructure testing, such as terminating containers via Docker Compose and simulating network outages to verify system recovery behavior.
  • [COMMAND_EXECUTION]: The agent is tasked with developing and running automation scripts for browser-based testing, data provisioning, and API concurrency checks.
  • [PROMPT_INJECTION]: The instructions list common injection attack patterns (e.g., "ignore your instructions", "reveal your system prompt") as part of an adversarial testing catalog. These are intended to be used as inputs for testing the target application and do not represent attempts to subvert the agent's own operational guidelines.
  • [DATA_EXFILTRATION]: The skill requires access to local databases and container logs to perform its QA functions. It includes mitigation strategies such as using a dedicated, git-ignored directory ("demostand/"), creating disposable test data, and closing sessions after probes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 12:31 PM
Security Audit — agent-trust-hub — qa-demo-stand