nodejs-backend

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides industry-standard security recommendations, including the use of Helmet for security headers, Zod/TypeBox for boundary validation, and bcrypt/argon2 for password hashing.
  • [SAFE]: Guidance on authentication correctly identifies patterns for secure JWT management, such as short-lived access tokens and revocable refresh tokens stored in a database.
  • [SAFE]: The skill promotes secure secret management, explicitly advising developers to use environment variables and never commit secrets to version control.
  • [SAFE]: All referenced Node.js packages and frameworks (e.g., Fastify, NestJS, Prisma, Drizzle, Hono) are well-known, widely used, and legitimate ecosystem tools.
  • [SAFE]: Recommended production patterns, such as multi-stage Docker builds using alpine images, installing without dev dependencies (npm ci --omit=dev), and running as a non-root user, align with security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 02:12 PM