javascript-best-practices

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No patterns of instruction overriding, safety filter bypasses, or role-play jailbreaks were detected in the skill instructions or metadata.
  • [DATA_EXFILTRATION]: No attempts to access sensitive file paths (e.g., .ssh, .aws, .env) or hardcoded credentials were found. Network calls in examples use relative paths or standard environment variables (e.g., process.env.API_URL), which is a recommended security practice.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform any remote script downloads or piped execution. It provides static coding examples and project structure guidelines.
  • [COMMAND_EXECUTION]: No shell command execution or subprocess spawning is present in the skill's logic or examples.
  • [OBFUSCATION]: All content is in plain text. No Base64, hex encoding, zero-width characters, or other obfuscation techniques were identified.
  • [SAFE]: The skill follows established industry conventions for JavaScript development and acts strictly as a reference for idiomatic code patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 02:42 AM
Security Audit — agent-trust-hub — javascript-best-practices