qa-exploring-tester

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/browser_setup.py uses asyncio.create_subprocess_exec to run playwright install --with-deps, executing system-level commands to install browser binaries and dependencies.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of external browser binaries from Microsoft's Playwright registry during the setup process.
  • [CREDENTIALS_UNSAFE]: The SKILL.md instructions guide the agent to collect user credentials and pass them in plaintext to subagents (e.g., 'Credentials: test@example.com / TestPass123'), which may lead to exposure in logs or workspace files.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it processes untrusted data from Jira tickets, API contracts, and design references to synthesize test oracles.
      • Ingestion points: External Jira tickets, OpenAPI specs, and Figma URLs are explicitly listed as inputs in SKILL.md.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided when processing external data.
      • Capability inventory: The skill possesses file-writing capabilities (generate_summary.py) and subprocess execution capabilities (browser_setup.py).
      • Sanitization: There is no evidence of sanitization for the content retrieved from external requirement or bug tracking systems.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 14, 2026, 06:33 PM