security-testing
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill integrates well-known security tools and GitHub Actions from established organizations, including ZAP, Snyk, Semgrep, and TruffleSecurity.
- [SAFE]: All code examples for testing injection (SQLi, XSS) and authentication failures follow security best practices, using placeholders for tokens and advocating for the use of environment variables rather than hardcoded credentials.
- [SAFE]: The instructions for dependency scanning and SAST correctly recommend official registries and plugins (e.g., eslint-plugin-security).
- [SAFE]: The skill uses a context file (.agents/qa-project-context.md) to inform its testing strategy, which is a standard pattern for scoping automated agent tasks without introducing malicious instructions.
Audit Metadata