software-engineer
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security posture by providing extensive documentation on preventing PII in logs, avoiding hardcoded secrets, and enforcing resource-level authorization checks in Server Actions.
- [SAFE]: Instructions explicitly warn against common security pitfalls such as string-interpolated SQL, unvalidated inputs, and insecure deserialization (e.g., pickle/yaml) in the language-specific 'footguns' reference.
- [SAFE]: The workflow requires explicit user approval for technical plans and walking skeletons before full implementation, ensuring human-in-the-loop oversight.
- [SAFE]: The skill leverages internal subagents (Explorer, Architect, Reviewer) with scoped prompts designed for safe codebase analysis and architectural review without external code execution.
- [SAFE]: Comprehensive guidance on framework-specific boundaries (Next.js Server/Client components and TanStack Start .server suffixes) proactively prevents accidental data leaks.
Audit Metadata