Hacker News

> Security: Talos reduces your attack surface: It's minimal, hardened and immutable. All API access is secured with mutual TLS (mTLS) authentication.

So, no actual threat modelling, third-party audits or integration and unit testing is done? Yes, that appears so.




Did you just read a marketing blurb on their landing page and decide after 5 seconds they don't do unit testing? I guess we can also assume they don't brush their teeth every morning because they didn't mention that either.


Actually I read the entire documentation and browsed the source code.

https://www.talos.dev/v1.0/learn-more/philosophy/ "Security" section makes no mention of independent audits. It just boldly claims "There are no passwords in Talos" as if that was a panacea for security.

The existing integration tests don't verify any assumptions about security, only that the configuration is valid. Please correct me if I'm wrong or missed anything.

If you're going to call something "secure" you need to prove it.


They didn’t call it secure as per your initial quote. They say it is designed to have a small attack surface. You failed to acknowledge that security means different things for different contexts. Besides, it’s a free offering, clearing issues with insecurities other offerings have. If you want something to be more secure, you can point out flaws you find in the intended way (filing issues) which might help improve the situation. Calling it out the way you did (probably without trying the tool and even more likely without having substantial knowledge of better approachable alternatives in the space) doesn’t help at all.



