local-service-testing
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner] Backtick command substitution detected

This SKILL.md is documentation enforcing that developers run integration tests against real local services and post a verification artifact before PRs. It contains no executable code, no network exfiltration, no hardcoded secrets, and no references to untrusted download sources. The primary risk is procedural: developers might accidentally post sensitive data in the required GitHub artifact or the hook could be misconfigured, but there is no sign of malicious behavior in the document itself. Overall assessment: benign operational policy guidance.

LLM verification: The chosen report (Report 3) is the most complete and coherent; it describes a balanced, secure testing discipline that combines unit tests with mocks and real-service integration tests using local orchestration via Docker. There are no signs of credential harvesting, external data exfiltration, or malicious behavior. The content is a policy/guide artifact intended to improve supply-chain security through better validation practices. Ensure environment isolation to prevent unintended data impact