env-config
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and documents industry-standard security practices for environment variable management.
- [SAFE]: The skill provides clear guidance on preventing secret exposure by correctly distinguishing between server-side variables and those prefixed with NEXT_PUBLIC_ for client-side use.
- [SAFE]: Recommended Node.js packages (@t3-oss/env-nextjs, zod) are well-known, widely used, and appropriate for the intended purpose of runtime environment validation.
- [SAFE]: All credential examples provided in the documentation and code snippets use obvious placeholders (e.g., sk_test_..., your-anon-key, generate-with-openssl) rather than real secrets.
- [SAFE]: The instructions explicitly recommend using .gitignore to prevent sensitive .env.local files from being committed to version control systems.
Audit Metadata