testing

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill follows security best practices for credential management by instructing the agent to store preview access tokens in gitignored local files (preview-token.local) and strictly prohibiting them from being committed to git or echoed back in output.
  • [COMMAND_EXECUTION]: The skill utilizes standard shell commands (git diff, git rev-parse, base64) to scan the local codebase for testing surfaces and to validate token metadata (expiry). These operations are restricted to the local project environment.
  • [SAFE]: All browser automation activities are targeted at the project's legitimate preview environment on the lovable.app domain, consistent with the skill's stated purpose.
  • [DATA_EXFILTRATION]: No unauthorized data transfer or exfiltration patterns were identified; network interactions are limited to the verified project preview URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:57 AM
Security Audit — agent-trust-hub — testing