javascript-strict
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructional content aimed at improving code quality and security in JavaScript (Node.js) environments.
- [SAFE]: It explicitly warns against and provides alternatives for dangerous functions such as eval(), new Function(), and innerHTML, which are primary vectors for injection and XSS attacks.
- [SAFE]: The skill promotes secure secret management by instructing developers to use environment variables (.env files) and process-level environment access instead of hardcoding sensitive credentials.
- [SAFE]: It correctly identifies security-sensitive operations, such as generating tokens, and recommends using the cryptographically secure node:crypto module over non-secure alternatives like Math.random().
- [SAFE]: The documentation includes guidance on using modern Node.js features like the permission model (--permission) to restrict filesystem and network access, supporting the principle of least privilege.