backend-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill functions as a static knowledge base and architectural reference. It contains no executable scripts that perform operations on the host system.
- [CREDENTIALS_UNSAFE] (SAFE): Analysis of code snippets confirms the use of best practices for secrets management. No hardcoded API keys, tokens, or passwords were found. Instead, the skill correctly demonstrates the use of environment variables (e.g.,
process.env.JWT_PRIVATE_KEY,process.env.SESSION_SECRET) and descriptive placeholders (e.g.,your-client-id). - [EXTERNAL_DOWNLOADS] (SAFE): Remote links are limited to trusted industry-standard documentation sites such as OWASP, NIST, and official technology homepages (e.g., oauth.net, opentelemetry.io, redis.io). These are used strictly for reference.
- [COMMAND_EXECUTION] (SAFE): Shell commands mentioned (e.g.,
npm audit,pip-audit) are provided as examples of security best practices for developers to run manually and do not represent automated or hidden execution by the skill. - [DATA_EXFILTRATION] (SAFE): No suspicious network operations or sensitive file access patterns were identified. Code examples using
fetchorhttpare directed at illustrative example domains. - [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found in the markdown body or metadata.
Audit Metadata