platform-engineering
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational resource and audit rulebook for application development. It contains no executable scripts or malicious instructions.
- [EXTERNAL_DOWNLOADS]: The documentation references numerous industry-standard libraries and tools (e.g., SimpleWebAuthn, Electron, Tauri, TanStack Query, Dexie.js). All provided links point to official documentation, W3C/IETF specifications, or reputable security organizations (OWASP, GitHub Security).
- [COMMAND_EXECUTION]: The references include CLI command examples for security hardening (such as Electron Fuses configuration or building with electron-builder). These are documented for the user's benefit and are not instructions for the agent to execute shell commands.
- [CREDENTIALS_UNSAFE]: The skill explicitly warns against storing credentials in frontend code and provides guidance on using secure, platform-native storage solutions like iOS Keychain and Android Keystore.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill is designed to review user-provided source code and architecture documents (SKILL.md).
  - Boundary markers: No explicit boundary markers are defined to isolate audited content from the agent's instructions.
  - Capability inventory: The skill does not request or use any tool capabilities (such as shell, filesystem, or network access).
  - Sanitization: No sanitization is performed, as the skill is a passive documentation resource.