best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a documentation reference for web development standards and contains no active code components.
- [EXTERNAL_DOWNLOADS]: References common tools such as npm audit and securityheaders.com which are established industry resources.
- [PROMPT_INJECTION]: The skill ingests user code for auditing via requests like "security audit". It lacks boundary markers and sanitization, but poses no risk as it has no functional capabilities like file access or subprocess execution to exploit.
Audit Metadata