backend-dev
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions were found that attempt to bypass AI safety guardrails, override system prompts, or elicit restricted behavior. The persona is strictly professional and task-oriented.
- [CREDENTIALS_UNSAFE] (SAFE): While
CONTEXT.mdcontains environment variable keys likeJWT_SECRETandMYSQL_PASSWORD, they use safe placeholder values such as 'your_jwt_secret' and 'secure'. This follows safe documentation practices. - [DATA_EXFILTRATION] (SAFE): No patterns of sensitive file access (e.g., SSH keys, AWS credentials) combined with external network requests were detected. The skill explicitly forbids printing sensitive data in logs.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill identifies an attack surface where it processes 'Task Cards' from external sources (Product Planner/Reviewer).
- Ingestion points: Processes task cards and coordination requests in
FLOW.mdandREADME.md. - Boundary markers: No specific delimiters or 'ignore' instructions for the content of the task cards are defined.
- Capability inventory: Has the capability to perform database migrations, write source code, and execute local scripts.
- Sanitization: The skill mandates the use of Joi/Zod for input validation and Knex parameterization for database queries, which provides defense-in-depth against data-level injections.
- [COMMAND_EXECUTION] (SAFE): Mentions of scripts (e.g.,
scripts/*.sh) are restricted to local development tasks like starting the app or running tests, which is standard for this role.
Audit Metadata