secure-headers-csp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill focuses on enhancing web application security through the implementation of standard HTTP headers such as HSTS, X-Frame-Options, and CSP.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references several standard Node.js packages (express, helmet, supertest, vitest, aws-sdk). These are well-known, reputable libraries used for their intended purposes.
- [DATA_EXFILTRATION] (SAFE): The violation reporter endpoint (/api/csp-report) logs CSP violations to the console and to AWS CloudWatch. This is a standard security monitoring practice and does not involve exfiltrating sensitive user data to unauthorized third parties.
- [PROMPT_INJECTION] (SAFE): No prompt injection or behavior override patterns were found in the skill metadata or instructions.
- [COMMAND_EXECUTION] (SAFE): No dangerous system command executions or shell injections were detected.
Audit Metadata