autonomous-tests
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute system discovery commands (Git, Docker Compose) and Python3 for local data processing (JSON manipulation, hashing). These commands are used to establish context and validate the environment for local E2E testing.
- [SAFE]: Implements a configuration trust store at `~/.claude/trusted-configs/`. It verifies the integrity of the project's local configuration file by comparing its SHA-256 hash against a user-approved hash stored outside the repository, preventing unauthorized configuration overrides from files committed to a codebase.
- [SAFE]: Incorporates a production safety check (Phase 1) that scans environment files for live secret patterns (e.g., `sk_live_`, `pk_live_`) and environment variables indicating a production setting. The process aborts if such indicators are found to protect live infrastructure from accidental modification.
- [SAFE]: Enforces a 'Plan-First' workflow by requiring the use of `EnterPlanMode` and providing a skill-scoped approval hook for `ExitPlanMode`. This ensures that all proposed test actions and agent tasks are reviewed and approved by the user before execution.
- [SAFE]: Includes a transparent setup script (`scripts/setup-hook.sh`) that automates local environment configuration. The script follows best practices for safety, including atomic file updates and automatic backups of the Claude settings file before modification.
Audit Metadata