oma-backend
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is entirely composed of markdown instructions and reference guides; it contains no executable scripts, binaries, or automated installation processes.
- [SAFE]: Security is a core focus of the instructions, which explicitly mandate the use of parameterized queries, input validation, and secure password hashing (bcrypt) for any code the agent generates.
- [SAFE]: The skill includes a specific constraint in the error playbook that prevents the agent from installing missing dependencies itself, effectively mitigating risks associated with unauthorized package installation.
- [SAFE]: Standard secret management practices are enforced, requiring that all sensitive configurations like API keys and database URLs be sourced from environment variables or secret managers instead of being hardcoded in source code.
- [SAFE]: No obfuscation, data exfiltration patterns, or attempts to bypass security filters were identified in any of the skill's components.
Audit Metadata