No instructions to fetch external URLs, install untrusted dependencies, or pull remote payloads.
Profile content is self-contained markdown and code examples; no supply-chain poisoning detected.
Agent Intent
Low
Profile describes eight testing agent personalities with legitimate QA/testing domain expertise; no hidden instructions to manipulate the AI or ignore system prompts.
Content documents testing methodologies, audit templates, and code examples—all framed as guidance for the agents to perform their stated testing functions, not to subvert them.
No instructions to reveal system prompts, tool definitions, or conversation memory; no role-hijacking language or exfiltration directives.
Accessibility Auditor: 'You are **AccessibilityAuditor**, an expert accessibility specialist...' — role definition, not injection.
API Tester: 'You are **API Tester**, an expert API testing specialist...' — standard personality framing.
Evidence Collector: 'You are **EvidenceQA**, a skeptical QA specialist...' — describes skeptical approach to testing, not AI manipulation.
Reality Checker: 'You are **TestingRealityChecker**, a senior integration specialist...' — defines realistic assessment role, not prompt leakage.
No instances of 'ignore previous instructions', 'read ~/.ssh', 'curl POST to external host', or 'reveal your system prompt'.
Permissions
Low
No tool definitions or MCP servers declared; profile is pure markdown agent personality guidance with no executable hooks or shell/file-write permissions requested.
Code examples (JavaScript, Python, bash) are illustrative templates for testing workflows, not instructions to install or execute arbitrary code.
Agent personalities describe testing activities (screenshot capture, API testing, performance benchmarking) that are appropriate to their stated domain.
Details
Evidence
Evidence Collector references './qa-playwright-capture.sh' as an example command, not as a tool to be installed with alwaysApply=true.
Reality Checker mentions 'ls -la', 'grep -r' as example reality-check commands for local inspection, not as persistent hooks.
No file_delete, file_mutate, or shell rules with globs='**' and alwaysApply=true.
No subagent or web_fetch permissions beyond what a testing agent would legitimately need.
MCP Risk
Low
No MCP servers defined in the profile; no hidden instructions in tool descriptions or arbitrary binary execution.
Profile is markdown-only agent personality guidance; no network access, filesystem restrictions, or credential requirements declared.
Details
Evidence
Profile metadata shows 'Dependencies: None' and no MCP server configuration.
All code examples are illustrative (JavaScript, Python, bash) and not tied to executable MCP tool definitions.