backend-api
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a purely instructional guide for building and auditing HTTP APIs. It adheres to modern security standards such as OAuth 2.0 Best Current Practices (RFC 9700) and Problem Details for HTTP APIs (RFC 9457).
- [PROMPT_INJECTION]: The 'AI Self-Check' and workflow instructions are standard operational constraints designed to ensure the quality and consistency of the agent's output. No attempts to bypass safety filters or override system-level instructions were found.
- [DATA_EXFILTRATION]: No patterns of data exfiltration or credential harvesting were detected. Code examples correctly demonstrate the use of environment variables for secrets (e.g.,
CURSOR_SECRET) and emphasize keeping authentication tokens out of browser storage. - [EXTERNAL_DOWNLOADS]: The skill does not perform or instruct the agent to perform any external package installations or remote script downloads.
- [COMMAND_EXECUTION]: There are no shell commands or subprocess execution patterns intended for the agent to run on its local environment.
- [DATA_EXPOSURE]: Examples use generic identifiers (e.g.,
cus_123,ord_456) and do not contain hardcoded credentials or sensitive file paths.
Audit Metadata