security-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, providing best practices for securing applications and cloud infrastructure. It correctly identifies high-risk patterns (like hardcoded credentials and SQL concatenation) and provides secure alternatives.
- [INDIRECT_PROMPT_INJECTION]: The skill functions as a code and configuration reviewer, which introduces an indirect injection surface if the data being reviewed contains malicious instructions.
  - Ingestion points: User-provided source code, environment configurations, and infrastructure-as-code files (e.g., Terraform, YAML).
  - Boundary markers: The skill does not define specific boundary markers for the data it analyzes.
  - Capability inventory: The skill itself does not have execution capabilities; it only provides guidance and review checklists.
  - Sanitization: The skill emphasizes and provides examples for using validation and sanitization libraries such as zod and dompurify to handle untrusted input.
- [SAFE]: References to external services and repositories (AWS, Supabase, Cloudflare, Vercel, GitHub) target well-known, trusted organizations and are documented as part of standard security configurations.
Audit Metadata