backend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The content consists entirely of instructional documentation and development standards. There are no attempts to override system prompts or bypass safety guidelines.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, API keys, or sensitive file paths were found. The skill explicitly advises against using
process.envdirectly, favoring a unified configuration management approach. - [Obfuscation] (SAFE): The markdown is clear and readable. No Base64, zero-width characters, or other encoding techniques are used to hide content.
- [External Downloads / RCE] (SAFE): While the skill references common Node.js libraries, it does not include commands to download or execute external scripts (
npm install,curl | bash, etc.) at runtime. - [Privilege Escalation] (SAFE): No commands involving
sudo,chmod, or system-level modifications are present. - [Persistence Mechanisms] (SAFE): The skill does not contain instructions to modify startup scripts, cron jobs, or registry keys.
Audit Metadata