saas-scaffolder
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a legitimate and secure blueprint for generating SaaS applications using industry-standard frameworks.
- [SAFE]: Hardcoded credential patterns found in the .env.example file (such as sk_test_...) are standard development placeholders and do not represent actual exposed secrets.
- [SAFE]: The provided Stripe webhook handler implementation correctly uses signature verification (stripe.webhooks.constructEvent) to protect against request spoofing.
- [SAFE]: Database schemas and queries utilize Drizzle ORM, which provides built-in protection against SQL injection through parameterized queries.
- [SAFE]: Multi-tenancy logic includes necessary checks for workspace scoping in queries, reducing the risk of unauthorized data access between tenants.
Audit Metadata