agent-backend
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill explicitly instructs the user to use parameterized queries to prevent SQL injection vulnerabilities.
- [COMMAND_EXECUTION]: Executes standard local development commands such as npm run test, npm run build, and npm run type-check. These are used for validation purposes within the project environment.
- [DATA_EXPOSURE]: The skill reads local project files, such as docker/postgres/init.sql and CLAUDE.md, to ensure that the code implementation aligns with the existing database schema and project conventions.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface as it reads local configuration and schema files (e.g., init.sql, AGENTS.md). While it lacks explicit boundary markers for this data, its capabilities are restricted to standard development tools (Bash, Read, Write), and it does not perform network operations, making the risk negligible.
Audit Metadata