secure-node-typescript
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): Comprehensive review of the four provided files confirms that the skill is purely instructional and configuration-based.
- [PROMPT_INJECTION] (SAFE): The instructions in SKILL.md and reference files are strictly focused on developer guidance and do not contain any attempts to bypass AI safety filters or override agent behavior.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly promotes the use of environment variables for secrets. Hardcoded strings in examples (e.g., 'secret123') are clearly identified as insecure patterns to avoid.
- [EXTERNAL_DOWNLOADS] (SAFE): While the skill references various npm packages (e.g., argon2, helmet, zod), these are standard, reputable libraries used in the context of implementing the recommended security measures.
- [COMMAND_EXECUTION] (SAFE): The skill mentions a Python script (scripts/audit-tsconfig.py) for local configuration auditing. This is a common utility for such a skill and does not involve remote execution or suspicious piping of untrusted data.
Audit Metadata