web-pwa-offline-first
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate architectural guidance and code patterns for offline-first PWA development using standard technologies like IndexedDB.
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety filters were detected. The use of 'CRITICAL' sections is limited to technical requirements for following the pattern.
- [DATA_EXFILTRATION]: No unauthorized data transfer or access to sensitive local files was found. Network operations are directed at relative API endpoints for health checks and data synchronization.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or API keys are present. The documentation explicitly recommends security best practices, such as using httpOnly cookies and encrypting sensitive data before storage in IndexedDB.
- [REMOTE_CODE_EXECUTION]: No patterns for remote code execution, such as piped shell scripts or dynamic evaluation of remote strings, were found.
- [EXTERNAL_DOWNLOADS]: References to external libraries (Dexie.js, idb) and CDNs (jsdelivr.net) target well-known and trusted open-source packages in the web development ecosystem.
Audit Metadata