node-writing-code
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data through Fastify route handlers, creating a surface for indirect prompt injection. The skill provides remediation via Zod validation schemas to sanitize inputs before they reach business logic. Evidence: Ingestion points in SKILL.md and references/api-patterns.md; Capability inventory includes database and network operations; Sanitization using Zod parse and safeParse methods.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted NPM packages from the Fastify, Prisma, and Drizzle ecosystems. It also facilitates integration with official Google OAuth services for authentication.
- [COMMAND_EXECUTION]: Defines a verification protocol that executes standard local development commands such as pnpm run type-check and pnpm run lint to ensure code quality after changes.