kamae
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements comprehensive security best practices for TypeScript development, including instructions for PII (Personally Identifiable Information) protection using a closure-based wrapper (`Sensitive<T>`) to prevent accidental data leakage in logs and JSON serialization.
- [SAFE]: The skill emphasizes "Boundary Defense" by mandating runtime schema-based validation for all external inputs (API requests, DB results, environment variables) using established libraries like Zod, Valibot, or ArkType.
- [SAFE]: The skill promotes the use of Branded Types and discourages unsafe type assertions (`as`), ensuring that type guarantees are enforced through validation rather than compile-time bypasses.
- [SAFE]: The skill reads project-specific configuration files (`package.json`) and rule files (`.claude/rules/*.md`, `~/.claude/rules/*.md`) to provide context-aware guidance. This behavior is standard for developer-oriented AI agent skills and is used solely for environment detection and preference loading.
- [SAFE]: The code examples provided follow strict functional programming principles (immutability, pure functions, Result types), which reduce the likelihood of common programming errors and side-effect-based vulnerabilities.
Audit Metadata