Trust Assessment
qa-regression received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The findings are "Unpinned Dependencies in Setup Instructions" and "Potential Data Exfiltration via Dynamic API Endpoint".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 6195a031). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned Dependencies in Setup Instructions.** The `npm install` command in the setup instructions does not specify exact versions for `playwright` and `@playwright/test`. This can lead to non-deterministic builds, unexpected breaking changes, or the introduction of vulnerabilities if a new version of a dependency contains malicious code. While `npm ci` is used in the CI workflow, local development setups might still use `npm install`. **Recommendation:** Pin dependency versions in `package.json` (e.g., `"playwright": "1.30.0"`) and use `npm install` or `npm ci` consistently. For local setup, recommend `npm ci` if a `package-lock.json` is provided, or explicitly state versions in the `npm install` command. | Static | SKILL.md:12 |
| MEDIUM | **Potential Data Exfiltration via Dynamic API Endpoint.** The `deleteTestUser` helper function constructs an API call using `process.env.API_URL` and includes `process.env.ADMIN_TOKEN` in the Authorization header. If the `API_URL` environment variable is not properly secured or validated, an attacker could potentially manipulate it to point to a malicious server. This would result in the `ADMIN_TOKEN` being sent to an attacker-controlled endpoint, leading to credential exfiltration. **Recommendation:** Ensure that `process.env.API_URL` is always set to a trusted and validated endpoint in the execution environment. Implement strict environment variable management and access controls. Consider adding runtime validation for the `API_URL` format or domain if possible, although this might be complex in a testing context. | Static | SKILL.md:160 |