when-verifying-quality-use-verification-quality

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes well-known development tools such as ESLint, SonarScanner, Jest, Cypress, Playwright, and Newman for their intended purposes of static and dynamic analysis.
  • [SAFE]: Command execution is restricted to local project scripts (npm run), standard CLI utilities, and framework-specific runners within the testing environment.
  • [SAFE]: Data processing involves aggregating locally generated JSON reports and formatting them into Markdown, HTML, and PDF artifacts without executing untrusted remote code.
  • [SAFE]: The use of cryptographic signing via openssl for the certification phase is a standard practice for maintaining an audit trail and ensuring build integrity.
  • [SAFE]: Environment variables are used for sensitive configurations like SONAR_TOKEN, following best practices for secret management in automated pipelines.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:21 AM
Security Audit — agent-trust-hub — when-verifying-quality-use-verification-quality