express-rest-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE] (SAFE): Analysis of the skill's code and documentation reveals no malicious patterns. The provided Python script and Node.js snippets are benign and serve educational purposes.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, reputable Node.js packages (express, helmet, cors, morgan, express-validator, express-rate-limit) from the official npm registry. These are well-known dependencies in the Node.js ecosystem.
- [PROMPT_INJECTION] (SAFE): Evaluated for Indirect Prompt Injection (Category 8) vulnerability surfaces. The skill includes examples of handling user-provided data via request bodies and query parameters, but it correctly mitigates these risks by teaching the use of validation middleware.
  - Ingestion points: req.body and req.query in SKILL.md route handlers.
  - Boundary markers: None explicitly used in snippets.
  - Capability inventory: Database interactions (User.find, User.create) are implied in educational code.
  - Sanitization: Demonstrates usage of express-validator and helmet for security.
Audit Metadata