skills/laskar-ksatria/building-observable-nodejs-api/nodejs-express-backend-pattern/Gen Agent Trust Hub
nodejs-express-backend-pattern
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a standard development workflow for scaffolding a backend API. It includes security best practices such as password hashing using bcrypt, JWT-based authentication, and centralized error handling with Sentry.
- [COMMAND_EXECUTION]: The documentation provides standard shell commands for project initialization, including
git clone,npm install, andnpm run dev. These are consistent with the skill's purpose as a project bootstrapper. - [EXTERNAL_DOWNLOADS]: The skill references a repository owned by the author (
github.com/laskar-ksatria/building-observable-nodejs-api) for the project source code. This is a legitimate vendor resource. - [CREDENTIALS_UNSAFE]: The skill requires several sensitive environment variables (
MONGGO_URI,PRIVATE_KEY). It correctly manages these by instructing the user to store them in a.envfile and providing methods for generating secure secrets locally using Node.js crypto or OpenSSL. - [PROMPT_INJECTION]: No patterns of instruction override, jailbreaking, or safety filter bypass were detected in the skill instructions.
Audit Metadata