backend-developer
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions consistently emphasize security best practices, including OWASP compliance, SQL injection prevention, role-based access control (RBAC), and sensitive data encryption.
- [SAFE]: No hardcoded credentials, API keys, or sensitive file paths were found. The skill specifically includes instructions for proper secret management and environment configuration.
- [SAFE]: No remote code execution or external download patterns (e.g., curl | bash) were detected. The skill references standard technology stacks (Node.js, Python, Go) without executing unverified scripts.
- [PROMPT_INJECTION]: The skill defines a data ingestion surface by querying system context (service architecture and database schemas) via
assets/initial_context_query.json. This represents a potential indirect prompt injection surface; however, the skill is configured with no allowed tools (allowed-tools: ''), which mitigates the risk of an attacker-controlled context triggering malicious actions. - [SAFE]: No obfuscation techniques, such as Base64 encoding of commands or hidden Unicode characters, were present in the analyzed files.
Audit Metadata