building-api-gateway
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a comprehensive and safe workflow for creating API gateways. All instructions and code samples align with the stated purpose of managing microservices traffic securely.
- [DATA_EXPOSURE_EXFILTRATION]: The skill mentions handling sensitive data like JWT tokens and API keys, but does so in the context of implementing security middleware at the gateway layer. No hardcoded credentials or unauthorized data access patterns were found.
- [COMMAND_EXECUTION]: The skill uses a scoped Bash tool
Bash(api:gateway-*)to generate boilerplate code for gateway frameworks. This is a restricted usage intended for scaffolding and does not present a risk of arbitrary command execution. - [REMOTE_CODE_EXECUTION]: All code examples use well-known, legitimate Node.js libraries (e.g., Express, Opossum, JS-YAML) and do not perform any remote script downloads or unsafe dynamic execution.
Audit Metadata