twelve-factor-app-modernization
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill consists entirely of documentation and code examples. There are no executable scripts, automated installation routines, or hidden commands within the file.
- [DATA_EXPOSURE] (SAFE): Examples of hardcoded credentials in the snippets are explicitly labeled as anti-patterns ('Before') to demonstrate insecure practices that the guide teaches how to remediate.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill involves analyzing external application code, it defines a manual or guided process rather than an automated, vulnerable ingestion point. The agent should use boundary markers around external code during implementation.
- [COMMAND_EXECUTION] (LOW): Suggests the use of standard development tools (git, docker, kubectl) for application maintenance, which is consistent with the primary purpose of the skill.