backend-scaffold
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a mandatory human-in-the-loop checkpoint ('HARD STOP') requiring explicit user verification of the architecture plan before Phase 2 (Generation) can begin.
- [SAFE]: Write operations are restricted via 'allowed-tools' to the specific directory '$JAAN_OUTPUTS_DIR/backend/scaffold/**', ensuring that the agent cannot overwrite sensitive system files or configuration outside of its designated output path.
- [SAFE]: The logic includes explicit security constraints in the 'Anti-Patterns to NEVER Generate' section, specifically forbidding the generation of hardcoded secrets, missing error handling, and unsafe database patterns.
- [SAFE]: Use of shell scripts ('id-generator.sh', 'index-updater.sh') is limited to internal plugin paths within '${CLAUDE_PLUGIN_ROOT}', representing trusted infrastructure calls for utility purposes.
- [SAFE]: All third-party library recommendations (Fastify, Prisma, Zod, Laravel, etc.) are restricted to well-known, reputable packages from standard registries, with no signs of typosquatting or malicious dependency injection.
Audit Metadata