constructive-uploads
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a presigned URL flow for file uploads, which is a recognized security best practice to prevent large file streams from overloading application servers.
- [SAFE]: Security validation mechanisms are well-documented, including SHA-256 hashing for content-addressed storage (enabling deduplication), MIME type allow-lists with wildcard support, and configurable file size limits.
- [SAFE]: Data access and storage operations are integrated with database Row-Level Security (RLS) policies and entity-scoped authorization models.
- [EXTERNAL_DOWNLOADS]: The skill references several vendor-owned Node.js packages (e.g.,
@constructive-io/upload-client) and PostGraphile plugins used to facilitate the upload flow. These resources originate from the skill author's own ecosystem. - [CREDENTIALS_UNSAFE]: The configuration examples utilize environment variables (e.g.,
process.env.AWS_ACCESS_KEY) for secret management. The documentation includes default credentials (minioadmin) specifically for local development and testing environments using MinIO.
Audit Metadata