security-hardening

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate and high-quality security implementations including Content Security Policy (CSP), JWT verification, and audit logging. No malicious patterns were detected.
  • [PROMPT_INJECTION]: Analysis of instructions and descriptions found no attempts to bypass agent safety filters or override system prompts.
  • [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file access (e.g., SSH keys), or unauthorized data exfiltration. Secret management examples correctly leverage HashiCorp Vault with environment-based configuration.
  • [COMMAND_EXECUTION]: No usage of unsafe shell execution, subprocess spawning with untrusted input, or other command injection vectors.
  • [EXTERNAL_DOWNLOADS]: All package references (node-vault, helmet, zod, dompurify) are to well-known and trusted libraries from standard package registries.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:06 AM