quality-gates

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • Standard Command Verification: The skill orchestrates the verification of build and test outcomes by checking return codes and command execution logs. This is a core part of its functional validation logic.
  • Secure Dependency Enforcement: A significant security feature is the requirement for 'frozen' dependency installations (e.g., 'npm ci', 'yarn install --immutable'). This prevents unauthorized or unexpected package updates during the build process.
  • Read-Only Code Policy: The instructions explicitly forbid the modification of source code, restricting the skill's operations to writing checklists, reports, and validation checkpoints. This minimizes the risk of accidental or malicious code changes.
  • Indirect Data Processing Consideration: The skill evaluates results based on data from external worker artifacts (ingested in 'references/gate-completeness.md'). While there are no explicit sanitization routines or boundary markers mentioned for these inputs, the skill uses these artifacts solely for its intended capability of determining gate verdicts (PASS/FAIL) and does not execute the data as code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 22, 2026, 08:02 AM