skills/jeremylongshore/claude-code-plugins-plus-skills/building-api-authentication/Gen Agent Trust Hub
building-api-authentication
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates secure authentication principles, including password hashing with bcrypt/Argon2, refresh token rotation, and RBAC implementation.
- [SAFE]: Sensitive data management follows best practices, instructing users to store secrets in environment variables or dedicated secret managers rather than hardcoding them.
- [SAFE]: Tool usage is properly restricted in the frontmatter, and the instructions for generating boilerplate code leverage these restricted commands in a way that aligns with the skill's specific domain.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. (1) Ingestion points: Grep and Read tools are used to examine local project configuration and API specifications. (2) Boundary markers: Absent. (3) Capability inventory: Write, Edit, and restricted Bash tool access. (4) Sanitization: Absent.