performance-testing
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The provided k6 load testing script example contains hardcoded dummy credentials ('email: loadtest@example.com' and 'password: testpassword'). These are clearly marked as test data for a tutorial-style guide and do not represent a real credential leak.
- [COMMAND_EXECUTION]: The documentation includes GitHub Actions workflow examples that utilize 'sudo' to configure gpg keys and install the k6 binary via the apt package manager. These commands are standard for setting up the required environment in CI runners.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install external tools including k6 from its official repository (dl.k6.io) and the Lighthouse CI CLI (@lhci/cli) from the public npm registry. These are well-known, legitimate software sources used for performance engineering.
Audit Metadata