owasp-security
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation and reference guide for secure coding practices following the OWASP Top 10 guidelines. It contains various TypeScript code snippets that demonstrate correct security patterns (e.g., parameterized queries, input validation with Zod, and role-based access control) alongside 'BAD' examples to illustrate vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill mentions common security tools and libraries such as Snyk, Helmet, and DOMPurify. These are well-known industry-standard tools for dependency scanning and application hardening. No untrusted external scripts or payloads are downloaded or executed.
- [COMMAND_EXECUTION]: The shell commands provided (e.g., npm audit, npx snyk test) are intended for developers to run locally as part of their security auditing workflow. They do not represent malicious command injection or hidden execution.
- [DATA_EXPOSURE]: The skill correctly recommends managing secrets using environment variables and includes a checklist to ensure developers follow best practices for data protection. No hardcoded credentials or sensitive file access patterns were found.
Audit Metadata