nodejs-express-server
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Environment Variable Usage. The skill uses process.env for JWT_SECRET and database credentials, following security best practices.
- [SAFE]: Secure Credential Storage. The skill uses bcrypt to hash passwords before storing them in the database to prevent plain-text exposure.
- [SAFE]: SQL Injection Prevention. Database interactions are handled via the Sequelize ORM, which mitigates SQL injection risks through query parameterization.
- [SAFE]: Production Error Handling. The skill includes an error-handling middleware that prevents the exposure of sensitive stack traces in production environments.
- [SAFE]: Indirect Prompt Injection Surface. The skill creates a web server that processes untrusted data.
  1. Ingestion points: req.body, req.query, and req.params in SKILL.md.
  2. Boundary markers: Not implemented in snippets.
  3. Capability inventory: Database write and delete operations via Sequelize.
  4. Sanitization: Input is processed through an ORM, protecting the data layer.
Audit Metadata