backend-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is instructional and follows professional standards.
- Data Exposure & Exfiltration (SAFE): No hardcoded secrets or credentials were found. Code snippets use environment variable placeholders (e.g., process.env.JWT_PRIVATE_KEY) or generic example URLs. No network exfiltration patterns are present.
- Obfuscation (SAFE): No Base64-encoded commands, zero-width characters, homoglyphs, or other obfuscation techniques were detected in the markdown or code snippets.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard industry libraries (NestJS, FastAPI, etc.) but does not include scripts that download or execute remote code at runtime. No 'curl | bash' patterns exist.
- Privilege Escalation (SAFE): No commands for escalating system privileges (e.g., sudo, chmod 777) or modifying system configurations were found.
- Persistence Mechanisms (SAFE): The skill does not attempt to create cron jobs, modify shell profiles, or establish any other form of persistence.
- Metadata Poisoning (SAFE): Metadata fields (name, description, author, version) are accurate and do not contain hidden instructions or deceptive content.
- Indirect Prompt Injection (SAFE): The skill is a static reference and does not ingest untrusted external data that could be used for indirect injection attacks.
- Time-Delayed / Conditional Attacks (SAFE): No logic was found that gates functionality based on date, time, or specific environment triggers.
- Dynamic Execution (SAFE): The provided code snippets are for template use and do not involve runtime code generation, unsafe deserialization (e.g., pickle), or process injection.
Audit Metadata