testing
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill follows security best practices for credential management by instructing the agent to store preview access tokens in gitignored local files (
preview-token.local) and strictly prohibiting them from being committed to git or echoed back in output. - [COMMAND_EXECUTION]: The skill utilizes standard shell commands (
git diff,git rev-parse,base64) to scan the local codebase for testing surfaces and to validate token metadata (expiry). These operations are restricted to the local project environment. - [SAFE]: All browser automation activities are targeted at the project's legitimate preview environment on the
lovable.appdomain, consistent with the skill's stated purpose. - [DATA_EXFILTRATION]: No unauthorized data transfer or exfiltration patterns were identified; network interactions are limited to the verified project preview URLs.
Audit Metadata