secure-code-guardian
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill instructions, constraints, and reference materials are well-aligned with established security engineering principles and secure coding practices.
- [EXTERNAL_DOWNLOADS]: The skill provides implementation examples using reputable and well-known Node.js security libraries, including bcrypt for password hashing, jsonwebtoken for session management, and DOMPurify for XSS prevention.
- [COMMAND_EXECUTION]: The code references include explicit warnings against unsafe command execution patterns (e.g., using exec) and provide secure alternatives such as using execFile with argument arrays.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or credentials were found; the skill correctly advises using environment variables and secret managers for sensitive data like JWT secrets and database credentials.