coding-node

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing well-known and trusted Node.js packages such as Express, Fastify, Hono, Mongoose, and Dotenv using standard package managers (npm, pnpm). These are recognized technology components and do not escalate the verdict.
  • [COMMAND_EXECUTION]: The skill provides standard project initialization and dependency management commands (npm init, pnpm add) common to Node.js development.
  • [PROMPT_INJECTION]: The skill defines patterns for building web servers that ingest external data, representing a potential indirect prompt injection surface. However, this is inherent to the skill's primary purpose of teaching web development.
      1. Ingestion points: Data enters the application through request objects (req) in Express, Fastify, and Hono route handlers.
      2. Boundary markers: None provided in the simplified code examples.
      3. Capability inventory: Applications created using the skill use file system (fs) and network (http) modules.
      4. Sanitization: The skill mentions input validation for performance and application stability.
    Given the use case, this is assessed as a safe guidance level.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 10:46 PM