javascript-best-practices
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No patterns of instruction overriding, safety filter bypasses, or role-play jailbreaks were detected in the skill instructions or metadata.
- [DATA_EXFILTRATION]: No attempts to access sensitive file paths (e.g., .ssh, .aws, .env) or hardcoded credentials were found. Network calls in examples use relative paths or standard environment variables (e.g., process.env.API_URL), which is a recommended security practice.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any remote script downloads or piped execution. It provides static coding examples and project structure guidelines.
- [COMMAND_EXECUTION]: No shell command execution or subprocess spawning is present in the skill's logic or examples.
- [OBFUSCATION]: All content is in plain text. No Base64, hex encoding, zero-width characters, or other obfuscation techniques were identified.
- [SAFE]: The skill follows established industry conventions for JavaScript development and acts strictly as a reference for idiomatic code patterns.
Audit Metadata