backend-api
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and code templates for backend development. All external references point to well-known services or official documentation (e.g., Cloudflare, Stripe, OpenAI, Apache).
- [INDIRECT_PROMPT_INJECTION]: The skill covers patterns for handling untrusted data via HTTP endpoints and webhooks. Although this creates an attack surface, the skill provides robust mitigation strategies.
- Ingestion points: API route handlers in
references/nodejs-patterns.mdand webhook receivers inreferences/webhook-patterns.md. - Boundary markers: The guides recommend strict Zod schemas for input validation and HMAC-SHA256 headers for webhook verification to establish clear data boundaries.
- Capability inventory: Templates include database operations (PostgreSQL/SQLite), Redis interactions, and external API requests.
- Sanitization: The skill explicitly instructs users to avoid SQL injection via parameterized queries and to validate all inputs using schemas.
Audit Metadata