backend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is entirely instructional, focusing on software engineering best practices for Node.js, Express, and TypeScript. It does not contain executable malicious scripts or commands.
- [CREDENTIALS_UNSAFE] (SAFE): The documentation mentions configuration variables like JWT_SECRET and DB_PASSWORD but treats them as architectural examples. It includes explicit warnings to not commit secrets and provides guidance on using .gitignore for configuration files.
- [DATA_EXFILTRATION] (SAFE): The skill encourages the use of Sentry for observability but includes specific implementation patterns to scrub sensitive data, such as removing 'Authorization' and 'Cookie' headers and masking email addresses to protect PII.
- [EXTERNAL_DOWNLOADS] (SAFE): References standard, reputable libraries and frameworks (Prisma, Sentry, Zod, Express). No suspicious third-party dependencies or remote script downloads are present.
- [PROMPT_INJECTION] (SAFE): While the skill uses instructional directives to define a persona ("senior backend engineer"), it does not attempt to bypass safety filters, extract system prompts, or disregard core agent instructions.
Audit Metadata