qgis-core-data-providers
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides accurate and safe patterns for constructing URIs for numerous GIS data providers (OGR, PostGIS, WFS, etc.), following standard API usage.
- [SAFE]: No hardcoded credentials were identified. Code examples use generic placeholders such as 'user', 'password', and 's3cr3t_passw0rd' within documentation snippets, which are correctly handled as non-sensitive markers.
- [SAFE]: The skill includes explicit security warnings (notably in Anti-Pattern AP-004) that instruct developers to avoid exposing authentication credentials in log files or console output, demonstrating a clear focus on data privacy.
- [SAFE]: Percent-encoding used in XYZ tile templates (e.g., %7Bz%7D for {z}) is a functional requirement for the QGIS URI parser and does not represent an attempt at malicious obfuscation.
- [SAFE]: All external URL references target well-known geospatial services (OpenStreetMap, Esri) or official QGIS documentation, which are recognized as trusted sources.
- [SAFE]: The skill does not perform any unauthorized command execution, remote code execution, or persistence mechanisms; all provided logic is confined to the intended geospatial data management scope.
Audit Metadata