security-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious instructions, prompt injection attempts, or unauthorized data access patterns were detected. The skill is purely informational and provides valid defensive security code snippets.
- [CREDENTIALS_UNSAFE] (INFO): The skill contains placeholder secrets in example configuration files (e.g., `sk_test_xxx`, `ACCESS_TOKEN_SECRET`). These are explicitly documented as examples, and the skill includes strong warnings (MUST NOT) against hardcoding or committing real secrets.
- [EXTERNAL_DOWNLOADS] (INFO): The code snippets reference standard, well-known Node.js security packages including `helmet`, `joi`, `isomorphic-dompurify`, and `csurf`. No automated or untrusted downloads are performed.
Audit Metadata