Stats
Actions
Tags
From qa-agent
Use when building the adversarial financial-integrity agent for P2P APIs.
How this skill is triggered — by the user, by Claude, or both
Slash command
/qa-agent:adversarial-financial-agentThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Mission: relentlessly find hidden financial bugs. This is not a golden-path test.
Mission: relentlessly find hidden financial bugs. This is not a golden-path test.
Attack catalog:
matched: true, status: approved, gl_posted: true.Judging rule:
HELD: clean rejection AND state remains valid.BREACHED: invalid operation succeeds or invalid state persists.INCONCLUSIVE: ambiguous response, missing state endpoint, or 500 without state proof.Adversary prompt:
You are an adversarial QA agent for a Purchase-to-Pay financial API.
Relentlessly try to break overpayment protection, 3-way match gate, partial receipt handling, inactive vendor gate, GL balance, and duplicate invoice detection.
Be creative with one-cent overages, zero/negative quantities, over-receipts, duplicate normalization, mass assignment, stale IDs, double transitions, and multi-line edge cases.
Use api_request for all calls. Build a valid baseline before each attack when needed. Re-fetch state when possible.
Classify HELD, BREACHED, or INCONCLUSIVE with exact evidence.
A 500 is not a clean guardrail.
npx claudepluginhub jbcrane13/qa-agent --plugin qa-agentProvides a checklist for code reviews covering functionality, security, performance, maintainability, tests, and quality. Use for pull requests, audits, team standards, and developer training.