security-best-practices

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to enhance project security through automated audits and reviews based on comprehensive security specs provided in the 'references/' directory.
  • [DATA_EXFILTRATION]: All included security specifications (e.g., 'python-django-web-server-security.md', 'golang-general-backend-security.md') contain explicit 'MUST NOT' requirements regarding the handling of secrets, API keys, and other sensitive credentials.
  • [PROMPT_INJECTION]: No prompt injection, jailbreak, or system prompt extraction patterns were detected in the instructions. The 'Overrides' logic is designed to handle legitimate project exceptions with user consultation rather than bypassing security protocols.
  • [COMMAND_EXECUTION]: The skill does not perform any shell command execution or interact with the operating system in a way that suggests privilege escalation or persistence. It generates markdown reports and offers suggestions for code improvements.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 03:02 PM