quality-assurance
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill includes explicit security guidance in 'references/anti-patterns.md', warning against hard-coding secrets in CI environments and recommending the use of encrypted variables.
- [COMMAND_EXECUTION]: The helper scripts 'scripts/qa-check.sh' and 'scripts/coverage-report.sh' utilize 'bash -lc' to execute commands dynamically detected from the repository's configuration files (e.g., package.json scripts, Makefile targets). This behavior is the primary intended function of the skill and follows standard development tooling patterns.
- [SAFE]: The 'scripts/qa-scan.py' utility performs local filesystem analysis using 'pathlib' to identify project stacks and does not perform any network operations or external data transmission.
- [SAFE]: Recommended CI/CD integrations and tools cited in the documentation (e.g., GitHub Actions, Playwright, Vitest) originate from well-known and trusted technology providers.
Audit Metadata