backend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill instructions strictly define a professional persona and coding standards. There are no attempts to bypass safety filters or override system instructions.
- [DATA_EXFILTRATION] (SAFE): No network operations or unauthorized file system access commands are present. The skill actually improves security posture by recommending a centralized configuration management system over direct environment variable access.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill identifies standard industry dependencies (Express, Prisma, Zod, Sentry) but does not contain commands to download or execute remote scripts or unverified third-party code.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to analyze and refactor user-provided backend code. While it lacks explicit boundary markers for separating code-as-data from instructions, the guidelines it enforces (like mandatory Zod validation) are designed to sanitize the very data paths that attackers would use in a production environment.
- [COMMAND_EXECUTION] (SAFE): The skill does not contain any shell commands, subprocess calls, or runtime execution patterns.
Audit Metadata