Skills
skills/popup-studio-ai/bkit-claude-code/zero-script-qa/Gen Agent Trust Hub

zero-script-qa

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill contains architectural guidance and code snippets for logging middleware and API clients. These patterns (JSON formatting, Request ID propagation) are standard industry practices for observability.
  • [COMMAND_EXECUTION]: The skill includes instructions for monitoring Docker logs and an E2E shell script template using curl. These operations are well-scoped to the stated purpose of QA monitoring and do not involve unauthorized execution.
  • [PROMPT_INJECTION]: The skill identifies the agent's role as a monitor for log streams. While this introduces an indirect prompt injection surface (Category 8) by ingesting external log data, the skill includes no patterns to exploit this surface and the risk is assessed as safe within the intended QA context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 11:53 AM
Security Audit — agent-trust-hub — zero-script-qa