qa-web
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts (
scripts/doctor.sh,scripts/scope-report.sh) and a Python script (scripts/render-report.py) to perform environment checks, analyze project changes, and aggregate test results. These scripts use standard tools likegit,gh, anduvto interact with the repository and environment. - [DATA_EXFILTRATION]: The skill includes a defined process for uploading test artifacts (screenshots and accessibility reports) to an external storage service at
evidence.cloudcompute.com. This is an intended feature for sharing QA evidence and is configured to use theEVIDENCE_UPLOAD_TOKENenvironment variable for authentication, which aligns with standard secret management practices. - [EXTERNAL_DOWNLOADS]: The documentation and setup scripts (
references/setup.md,scripts/doctor.sh) provide instructions for installing necessary dependencies from official registries, such as@playwright/testand@axe-core/playwrightusing thepnpmpackage manager.
Audit Metadata