backend-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): The skill is designed to ingest external data such as 'Product requirement lists' and 'Functional specifications'. While this creates an input surface, the skill's primary output is document generation and code implementation guidance without self-executing capabilities.
  - Ingestion points: Workflow steps 1 and 2 (Functional specifications, requirement lists).
  - Boundary markers: Absent in the instructions.
  - Capability inventory: None (the skill provides guidance for a persona but does not contain scripts to execute code or make network calls).
  - Sanitization: None specified in the instructions.
- Category 4: Unverifiable Dependencies & RCE (SAFE): The skill mentions various backend technologies (Spring Boot, Django, Express) as background knowledge but does not include any commands to download or execute external scripts.
- General Security Posture: The content is purely instructional and follows industry best practices for software engineering roles.