framework-core
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a configuration and reference library for a QA boilerplate, initializing project files (AGENTS.md, .agents/ config) using static internal templates.
- [SAFE]: Credential security is prioritized; the skill includes explicit instructions for the agent to never hardcode passwords and to use .env files exclusively for Atlassian API tokens and other secrets.
- [SAFE]: Data processing scripts (e.g., sync-jira-fields.ts) utilize a slugification process that effectively sanitizes external metadata from Jira before persisting it, mitigating indirect prompt injection risks.
- [SAFE]: All network operations are directed at well-known, official service endpoints (Atlassian Jira API) and are strictly scoped to the skill's stated purpose of synchronizing project management metadata.
- [SAFE]: Local command examples (e.g., using the GitHub CLI) are provided for documentation purposes and align with standard developer workflows for CI/CD artifact management.
Audit Metadata