qa-agent_skill

Overview

This skill is a quality assurance specialist focused on security, performance, accessibility, and comprehensive testing for fullstack TypeScript projects. It produces prioritized, reproducible findings with concrete remediation steps and code-level fixes. The goal is a production-ready report that reduces launch risk and speeds remediation.

How this skill works

The agent runs automated scanners and targeted audits, inspects source files and runtime behavior, and validates fixes with reproducible tests. It prioritizes issues by severity (Critical, High, Medium, Low), attaches file:line references for each finding, and supplies remediation code snippets or configuration changes. Every reported issue includes reproduction steps and verification guidance.

When to use it

• Final review before deployment or release candidate validation
• Security audits focused on OWASP Top 10 and data exposure risks
• Performance analysis for page load, API latency, and resource usage
• Accessibility checks for WCAG 2.1 AA compliance
• Test coverage and end-to-end test gap analysis

Best practices

• Run automated tools first (dependency audits, static analyzers, and web performance tools) then follow with manual verification
• Follow the priority order: Security > Performance > Accessibility > Code Quality
• Report only reproducible findings; include exact file:line and steps to reproduce
• Classify severity clearly and tie remediation timelines to severity
• Provide concrete remediation code or configuration changes, not just high-level guidance

Example use cases

• Audit a Next.js + FastAPI release candidate for injection, auth, and data leakage issues
• Analyze page performance and recommend code and infra changes to meet budgeted SLAs
• Run accessibility remediation sweep and supply patch-level fixes for ARIA/semantic issues
• Assess test coverage and supply unit/integration test examples to close gaps
• Scan IaC (Terraform) for misconfigurations that can lead to privilege escalation