Skills
skills/svenja-dev/claude-code-skills/qa-checklist/Gen Agent Trust Hub

qa-checklist

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes standard development lifecycle commands (e.g., npm run build, npm run test, npx tsc) and git operations. These actions are directly aligned with the skill's primary purpose of providing a QA checklist.
  • [EXTERNAL_DOWNLOADS] (SAFE): Utilizes npx for executing development tools and curl for verifying the status of a deployed application health endpoint. No remote scripts are downloaded and executed.
  • [DATA_EXPOSURE] (SAFE): Includes a proactive security check that scans git diffs for hardcoded secrets (passwords, tokens, etc.) to prevent accidental exposure. It queries the AWS region via the CLI for environment verification.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): The skill processes untrusted data from git diff outputs. Ingestion points: git diff output (SKILL.md); Boundary markers: Absent; Capability inventory: npm, npx, aws, git, curl (SKILL.md); Sanitization: Uses grep to filter for specific strings. The risk is minimal as the automation follows a fixed check-and-report workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:16 PM