qa-cli
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes user-provided CLI tools and standard system utilities (grep, sed, jq, timeout, etc.) to perform auditing. It correctly uses Bash array expansion and quoting (e.g., "${CMD[@]}") to prevent shell injection vulnerabilities when handling tool arguments.
- [DATA_EXFILTRATION]: The skill records environment variables using printenv to ensure reproducibility in QA reports. While this accesses environment data, the skill includes clear instructions to avoid logging secrets (tokens, passwords, auth headers) and operates entirely within the local filesystem (writing to /tmp/ and ./qa-reports/) without initiating unauthorized network requests.
- [REMOTE_CODE_EXECUTION]: No patterns of downloading and executing remote scripts or unverified dependencies were found. The skill relies on standard system tools and the specific CLI binary provided by the user for testing.
Audit Metadata