backend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (INFO): No malicious behavior or patterns detected. The skill serves as a documentation-based coding standard for backend development.
- [PROMPT_INJECTION] (SAFE): The role definition ('senior backend engineer') is focused on architectural guidance and does not contain instructions to override system prompts or bypass safety filters.
- [DATA_EXPOSURE & EXFILTRATION] (SAFE): The skill enhances security by forbidding direct usage of 'process.env' and requiring 'unifiedConfig'. It promotes observability via Sentry but does not include commands to exfiltrate sensitive files.
- [UNVERIFIABLE DEPENDENCIES] (LOW): While the skill references common libraries like Prisma, Express, and Zod, it does not execute remote scripts or download untrusted packages at runtime.
- [INDIRECT PROMPT INJECTION] (LOW): The skill defines an attack surface by instructing the agent to handle external data (webhooks, request bodies). However, it mitigates this risk by mandating strict schema validation with Zod.
Audit Metadata