bcms-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents and enforces security best practices for secret management, explicitly instructing the agent to use environment variables for BCMS API keys and avoid hard-coding credentials in source code or client-side bundles.
- [SAFE]: All external documentation links and resource references target official vendor domains (thebcms.com).
- [SAFE]: The skill provides guidance on using official packages (@thebcms/*) and standard CLI tools (bcms, npx) for development tasks.
- [SAFE]: Instructions include security-critical patterns such as verifying webhook signatures, checking timestamps, and validating permissions before performing destructive operations on production data.
Audit Metadata