Skills
skills/bitrise-io/ai-qa-agent-cli/run-ai-qa-tests/Gen Agent Trust Hub

run-ai-qa-tests

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads an installation script for the ai-qa-agent-cli from the Bitrise official GitHub organization (github.com/bitrise-io/ai-qa-agent-cli). This is a legitimate vendor resource used to provision the local environment.
  • [COMMAND_EXECUTION]: The skill executes various shell commands and a local helper script (ensure-template.sh) to interact with the Bitrise platform. These commands include downloading and executing the installer, running the CLI to manage QA sessions, and using curl to interface with the Bitrise RDE API.
  • [CREDENTIALS_UNSAFE]: The script ensure-template.sh reads the Bitrise Personal Access Token (PAT) from the environment variable $BITRISE_PAT or the local file ~/.bitrise/pat. This is the standard and intended method for authenticating requests to the Bitrise API for this tool.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes a common installation pattern where a shell script is fetched via curl and piped to sh. While this pattern is often flagged, in this context, the source is the official repository of the skill's vendor (bitrise-io), making it a recognized and safe operation for the tool's deployment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:33 PM
Security Audit — agent-trust-hub — run-ai-qa-tests