backend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The skill uses instructional language for coding guidelines rather than adversarial commands.
- DATA_EXFILTRATION (SAFE): The skill specifically discourages the use of raw
process.envand promotes aunifiedConfigapproach. No hardcoded credentials or unauthorized network operations were identified. - REMOTE_CODE_EXECUTION (SAFE): No remote code execution patterns, such as
curl | bashoreval(), were found. All dependencies mentioned (express,zod,@prisma/client,@sentry/node) are standard industry tools. - INDIRECT_PROMPT_INJECTION (LOW): While the skill provides templates for processing external web requests, it explicitly mandates input validation using Zod and proper error handling, which serves as a mitigation for common injection attacks in the generated code.
- OBFUSCATION (SAFE): No encoded strings, hidden characters, or homoglyph attacks were detected in the documentation or code snippets.
Audit Metadata