dotagents-qa
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill performs standard development and QA operations, including building the CLI from source and running local smoke test scripts ('scripts/smoke-examples.mjs') within a containerized environment.
- [EXTERNAL_DOWNLOADS]: Fetches official agent CLI packages from the NPM registry, including '@anthropic-ai/claude-code', '@openai/codex', and 'opencode-ai', to facilitate runtime verification against well-known services.
- [COMMAND_EXECUTION]: Utilizes Docker to create a throwaway sandbox where 'pnpm' commands and shell scripts are executed to verify file placement and configuration generation without affecting the host environment.
- [COMMAND_EXECUTION]: Implements secure practices by dropping root privileges ('su -s /bin/bash node -c') and mounting the host repository as read-only during the QA process.
Audit Metadata