test-documentation
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a professional QA workflow for documenting validated behaviors in a Tracking Management System (TMS). It uses a structured Subagent Dispatch Strategy to manage bulk operations efficiently.
- [EXTERNAL_DOWNLOADS]: The skill references and interacts with official Atlassian Jira and Xray REST/GraphQL APIs and CLI tools (acli, xray-cli). These are well-known technology services, and the interactions are documented neutrally as standard functionality.
- [DATA_EXFILTRATION]: Authentication tokens and configuration settings (e.g., JIRA_API_TOKEN, XRAY_CLIENT_SECRET) are retrieved from local .env files. This follows standard secure practice for secret management in development tools and does not constitute unauthorized exposure.
- [PROMPT_INJECTION]: The skill processes untrusted content from Jira User Stories, Epics, and comments to generate test cases. While this provides a surface for indirect prompt injection, the risk is inherent to the primary purpose of the skill and is mitigated by the structured analysis and validation phases described in the instructions.
- Ingestion points: Reads User Story descriptions, Acceptance Criteria, and Jira comments (SKILL.md §Phase 1).
- Boundary markers: Not explicitly defined in the prompt instructions.
- Capability inventory: Uses [ISSUE_TRACKER_TOOL] and [TMS_TOOL] for searching, creating, updating, and transitioning Jira issues.
- Sanitization: The skill emphasizes validating design assumptions against implementation source code (SKILL.md §Source-code validation), providing a manual verification step before documentation.
Audit Metadata