Test Strategy Document Generator

v20260618

test-strategy-doc

This skill generates a comprehensive and structured test strategy document. Given a feature specification, PRD, or system description, it systematically outlines the test scope, performs a detailed risk assessment, defines necessary test types (Unit, E2E, Performance, Security), and provides a prioritized, actionable test case outline to ensure robust quality assurance before release.

Testing QA Strategy Documentation Software Quality Assurance Planning

Get Skill

243 downloads

Overview

Test Strategy Document Skill

Produces a complete test strategy from a feature spec, PRD, or system description — covering scope, test types, risk areas, coverage requirements, and a prioritised test case outline.

Required Inputs

Ask for these if not provided:

Feature or system being tested (paste a spec, PRD, or describe it in plain English)
Tech stack (language and framework — e.g. TypeScript + React, Python + FastAPI)
Existing test coverage (e.g. "we have unit tests but no E2E tests", "we use Jest + Playwright already", or "starting from scratch")
Deployment cadence (e.g. continuous deployment / weekly releases / quarterly — affects what must be automated vs. manual)
Risk level (low / medium / high / critical — affects depth and coverage requirements)
Timeline (when does this need to ship — affects prioritisation)
Team context (who is doing the testing — developers / dedicated QA / both)

Output Format

1. Test Scope

In scope:

[Specific functionality being tested]
[Integration points covered]
[User-facing flows included]

Out of scope:

[What is deliberately not tested here — and why]
[Dependencies owned by other teams]

Assumptions:

[What the test strategy assumes is true — e.g. mocked services, test data availability]

2. Risk Assessment

Identify the highest-risk areas first — these drive depth and coverage:

Area	Risk Level	Why	Test Priority
[e.g. Payment processing]	High	Money movement, regulatory	P0 — exhaustive
[e.g. User authentication]	High	Security boundary	P0 — exhaustive
[e.g. Email notifications]	Medium	External dependency	P1 — happy path + key failures
[e.g. UI copy changes]	Low	Visual only, reversible	P2 — smoke only

3. Test Types and Coverage

Unit Tests

What: Individual functions and methods in isolation
Who writes: Developer
Coverage target: [e.g. 80% line coverage on new code / 100% on critical paths]
Tools: [e.g. Jest, pytest, go test]
Focus areas for this feature: [Specific logic that needs unit coverage]

Integration Tests

What: Service interactions, database operations, API contracts
Who writes: Developer / QA
Coverage target: [All happy paths + key failure modes]
Tools: [e.g. Supertest, pytest + testcontainers]
Focus areas: [Specific integrations at risk — e.g. third-party API, DB schema changes]

End-to-End Tests

What: Critical user journeys from browser/client to database
Who writes: QA / Developer
Coverage target: [Top N user journeys — list them]
Tools: [e.g. Playwright, Cypress, Selenium]
Focus areas: [The 3–5 most critical user flows]

Performance Tests (include if any row in the Risk Assessment table has performance as a risk factor, regardless of overall risk level)

What: Load, stress, or latency testing
Targets: [Specific numbers — e.g. 200 req/sec at p95 < 200ms]
Tools: [e.g. k6, Locust, JMeter]

Security Tests (include only if risk is high+)

What: OWASP Top 10 checks relevant to this feature
Focus: [Auth bypasses, injection, data exposure]
Tools: [e.g. OWASP ZAP, manual penetration testing, Snyk]

4. Test Case Outline

Priority-ordered list of specific test cases:

P0 — Must pass before merge:

Test Case	Type	Expected Outcome
[e.g. User can log in with valid credentials]	E2E	[Redirect to dashboard, session created]
[e.g. Invalid login returns 401]	Integration	[Error message displayed, no session]
[e.g. Password is never stored in plain text]	Unit	[bcrypt hash in DB]

P1 — Must pass before release:

Test Case	Type	Expected Outcome
[e.g. Login fails gracefully when DB is down]	Integration	[User sees friendly error, 503]
[e.g. Rate limiting blocks after 5 failed attempts]	Integration	[429 returned, account flagged]

P2 — Should pass, can ship with known issues tracked:

Test Case	Type	Expected Outcome
[e.g. Login page renders correctly on mobile]	E2E	[Layout matches design]

5. Test Data Requirements

[Specific test data needed — e.g. test user accounts with various states]
[External service stubs or mocks needed]
[Database seed data requirements]
[Any PII concerns and how test data handles them]

6. Definition of Done

Testing is complete when:

All P0 test cases pass
All P1 test cases pass
Code coverage meets the stated target
No critical or high severity bugs open
Performance targets met (if applicable)
Security checks completed (if applicable)

Quality Checks

Risk table is populated and drives test priority (not filled in generically)
Every "P0 — exhaustive" row in the Risk Assessment table has at least one corresponding P0 test case
"Out of scope" section names at least one explicit exclusion (not left blank)
Each test type names a concrete tool (not "some testing framework")
Definition of Done is measurable (not "tests are done when QA is happy")

Anti-Patterns

Do not write a test strategy without a risk table that drives test priority — generic coverage targets are not a strategy
Do not leave the "out of scope" section blank — every test strategy must explicitly name what is not being tested and why
Do not specify test types without naming a concrete tool for each — "some testing framework" is not actionable
Do not define a Definition of Done that is not measurable — "QA is happy" is not a completion criterion
Do not create P0 risk areas without corresponding P0 test cases — risk rating must map to test coverage

Usage Examples

"Write a test strategy for [feature]" + [paste spec or PRD]
"Create a test plan for [system]"
"How should we test [feature]?"
"I need a QA plan for this sprint"
"What tests do we need for [X]?"

Info

Category Development

Name test-strategy-doc

Version v20260618

Size 6.31KB

Source mohitagw15856/pm-claude-skills

Updated At 2026-06-19