backend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill consists of documentation and code examples intended for developer guidance. No malicious executable scripts or automated attack vectors were detected.
- PROMPT_INJECTION (SAFE): The instructions use a professional persona ('senior backend engineer') to set architectural context. No patterns suggestive of instruction overrides, safety filter bypasses, or jailbreak attempts were found.
- CREDENTIALS_UNSAFE (SAFE): Code snippets for JWT secrets, database connection strings, and Sentry DSNs consistently use non-functional placeholders (e.g., 'your-sentry-dsn', 'your-jwt-secret') rather than hardcoded credentials.
- DATA_EXFILTRATION (SAFE): The Sentry integration guide includes explicit security measures such as PII masking (email scrubbing) and the removal of sensitive headers (Authorization, Cookies) before data is transmitted to the observability platform.
- EXTERNAL_DOWNLOADS (SAFE): The skill references standard, reputable libraries (Express, Prisma, Zod, Sentry). It does not include commands for downloading or executing arbitrary remote scripts.
Audit Metadata