backend-development
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior or bypass safety filters. The instructional content is technical and professional in nature.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or unauthorized data access patterns detected. The skill correctly advocates for using environment variables for secrets management.
- Obfuscation (SAFE): No encoded, hidden, or suspicious characters (zero-width, homoglyphs) were found in the analyzed files.
- Unverifiable Dependencies & RCE (SAFE): Referenced libraries (e.g., jsonwebtoken, argon2, pg, helmet) are standard industry packages. No remote script execution or dangerous download patterns were identified.
- Indirect Prompt Injection (LOW): As a reference skill, it provides guidance rather than active data processing tools. It correctly emphasizes input validation and sanitization as critical security requirements for handling external data.
- Dynamic Execution (SAFE): No use of dangerous dynamic execution functions like eval(), exec(), or unsafe deserialization patterns was found.
Audit Metadata