security-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, offering comprehensive security checklists and code examples for developers. It advocates for security-first development practices.
- [CREDENTIALS_UNSAFE]: The file contains examples of hardcoded secrets like 'sk-proj-xxxxx', but these are explicitly used as negative examples (marked with ❌) to teach developers what to avoid. No real credentials are present.
- [EXTERNAL_DOWNLOADS]: The skill recommends using well-known, industry-standard libraries such as Zod for validation and DOMPurify for sanitization. These are documented neutrally as security best practices.