dbos-typescript
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical guide for the DBOS framework.
- All provided code examples demonstrate standard usage of the DBOS SDK for building durable workflows.
- The architectural advice (e.g., keeping workflows deterministic, using steps for external side effects) aligns with official DBOS security and reliability recommendations.
- [SAFE]: External dependencies are restricted to well-known and official packages.
- The skill references the official
@dbos-incnpm scope for its SDK and datasource integrations. - Other dependencies mentioned (express, pg, jest) are standard industry tools for Node.js development.
- [SAFE]: Secret management practices are secure.
- Documentation consistently instructs users to source sensitive connection strings from environment variables (e.g.,
process.env.DBOS_SYSTEM_DATABASE_URL) rather than hardcoding credentials. - [SAFE]: No malicious patterns detected.
- No evidence of prompt injection, obfuscated code, hidden URLs, or unauthorized data exfiltration mechanisms were found across the 35 analyzed files.
Audit Metadata