nodejs-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is entirely composed of instructional markdown. It does not contain any scripts, binary files, or executable logic.
- [DATA_EXFILTRATION] (SAFE): No patterns for unauthorized data access or network exfiltration were found. The skill emphasizes keeping internal details out of error responses for security.
- [EXTERNAL_DOWNLOADS] (SAFE): While the skill mentions numerous popular Node.js frameworks and libraries (e.g., Hono, Fastify, Zod), it does not provide commands to download or execute external code automatically.
- [PROMPT_INJECTION] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were detected. The instructions provided are focused on technical decision-making logic.
- [CREDENTIALS_UNSAFE] (SAFE): The skill explicitly advises against hardcoding secrets and recommends using environment variables, aligning with security best practices.
Audit Metadata