backend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Documentation & Scope] (SAFE): The skill consists entirely of Markdown files providing development guidance. It does not include scripts, binaries, or automated tasks that could interact with the host system or external networks.
- [Data Exposure & Exfiltration] (SAFE): The configuration guide (configuration.md) explicitly instructs developers NOT to commit secrets and provides patterns for environment variable fallbacks. Code examples for Sentry integration (sentry-and-monitoring.md) include mandatory PII scrubbing logic using 'beforeSend' to mask emails and delete authorization headers.
- [Prompt Injection] (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The language is purely instructional and focused on software engineering standards.
- [Dependency Analysis] (LOW): The skill references standard, trusted Node.js libraries including 'express', 'zod', '@prisma/client', and '@sentry/node'. It also references a scoped package '@project-lifecycle-portal/database' which appears to be a internal project-specific library. These are used in code snippets for illustrative purposes.
- [Indirect Prompt Injection] (SAFE): The skill does not process external data or user-provided content at runtime. It serves as a static knowledge base for the AI agent.
Audit Metadata