backend-developer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The
deploy.shscript utilizes standard deployment tools (Docker, kubectl, AWS/GCP CLIs) to manage application lifecycles. These operations are transparent and consistent with the skill's stated purpose. - [DATA_EXFILTRATION] (SAFE): Analysis of the source code confirms no hardcoded API keys, tokens, or unauthorized network requests. Sensitive configuration is handled via environment variables as per industry standards.
- [DYNAMIC_EXECUTION] (LOW): The skill includes several Python scripts that generate and write executable source code (TypeScript, Python, Shell) to the local filesystem. This is the intended functionality of the skill and relies on internal templates rather than untrusted remote content.
- [INDIRECT_PROMPT_INJECTION] (LOW): Scripts like
generate_docs.pyaccept external JSON configuration files to populate API metadata. While this represents a theoretical ingestion surface for untrusted data, the risk is negligible as it only affects local documentation generation and lacks a mechanism for downstream escalation.
Audit Metadata