NYC

nodejs-express-server

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE
Full Analysis
  • CREDENTIALS_UNSAFE (LOW): The skill contains hardcoded placeholder credentials within the 'Complete Example' section. While intended as examples, these are provided as string literals in security-sensitive functions.
  • Evidence: const sequelize = new Sequelize('postgres://user:pass@localhost/db'); in SKILL.md.
  • Evidence: jwt.verify(token, 'secret', (err, user) => ...) in SKILL.md.
  • Indirect Prompt Injection (LOW): The skill defines a surface for processing untrusted data that is subsequently used in database operations without explicit sanitization in the example code.
  • Ingestion points: req.body used in POST and PATCH routes in SKILL.md.
  • Boundary markers: Absent; there are no delimiters or warnings to ignore instructions within the processed request data in the examples.
  • Capability inventory: Database write/create operations (User.create, user.update), file system access (via dotenv), and network listening (app.listen).
  • Sanitization: Absent in the 'Complete Example'; the code User.create(req.body) is specifically vulnerable to mass assignment attacks, in which an attacker can inject unauthorized fields (e.g., role: 'admin').
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:46 PM