Trust Assessment
qa-regression received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Unpinned Dependencies in Setup Instructions and Potential Data Exfiltration via Dynamic API Endpoint.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 6195a031). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned Dependencies in Setup Instructions: The `npm install` command in the setup instructions does not specify exact versions for `playwright` and `@playwright/test`. This can lead to non-deterministic builds, unexpected breaking changes, or the introduction of vulnerabilities if a new version of a dependency contains malicious code. While `npm ci` is used in the CI workflow, local development setups might still use `npm install`. Pin dependency versions in `package.json` (e.g., `"playwright": "^1.30.0"`) and use `npm install` or `npm ci` consistently. For local setup, recommend `npm ci` if a `package-lock.json` is provided, or explicitly state versions in the `npm install` command. | Unknown | SKILL.md:12 |
| MEDIUM | Potential Data Exfiltration via Dynamic API Endpoint: The `deleteTestUser` helper function constructs an API call using `process.env.API_URL` and includes `process.env.ADMIN_TOKEN` in the Authorization header. If the `API_URL` environment variable is not properly secured or validated, an attacker could potentially manipulate it to point to a malicious server. This would result in the `ADMIN_TOKEN` being sent to an attacker-controlled endpoint, leading to credential exfiltration. Ensure that `process.env.API_URL` is always set to a trusted and validated endpoint in the execution environment. Implement strict environment variable management and access controls. Consider adding runtime validation for the `API_URL` format or domain if possible, although this might be complex in a testing context. | Unknown | SKILL.md:160 |