recovery-coach-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): Analysis of the skill instructions and code templates reveals a strong focus on security and compliance.
- Input Validation: The skill mandates the use of Zod for schema validation of all external inputs in API routes.
- Access Control: Patterns include session-based authentication and administrative privilege checks before sensitive operations.
- Data Privacy & Compliance: Explicit patterns are provided for HIPAA-compliant audit logging (logPHIAccess) and Drizzle ORM Row Level Security (RLS) to ensure users only access their own data.
- Defensive Infrastructure: Templates include rate limiting logic to protect endpoints from abuse.
- Tool Usage: While the skill requests Bash access for npm and npx, this is strictly limited to development lifecycle tasks (linting, testing) and is appropriate for the skill's stated purpose as a development patterns guide.