qe-security-testing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional and provides templates for security testing, auditing, and vulnerability assessment.
- [EXTERNAL_DOWNLOADS]: References established and trusted security tools in its CI/CD examples, such as TruffleHog and OWASP ZAP (zap2docker-stable). These are recognized industry standards for secret scanning and dynamic application security testing.
- [PROMPT_INJECTION]: The instructions establish a persona for security auditing and quality engineering. There are no attempts to override agent safety constraints or bypass core instructions.
- [COMMAND_EXECUTION]: Includes standard security-related shell commands for auditing dependencies (e.g.,
npm audit) and scanning for secrets (e.g.,git-secrets), which are appropriate for the skill's defined purpose.
Audit Metadata