craft-site

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documents standard Craft CMS 5 front-end development patterns, including atomic design principles and template routing. All examples follow security best practices such as mandatory CSRF protection for forms and input sanitization.
  • [SAFE]: Integration with third-party services and plugins (like Amazon SES, Google Tag Manager, and various Craft plugins) uses environment variables for sensitive data, avoiding hardcoded credentials in code or configuration files.
  • [SAFE]: The documented buildchain (Vite, Tailwind CSS) and package management (Composer, npm) follow official platform recommendations and standard development workflows.
  • [SAFE]: Data ingestion surfaces such as forms (Formie, Sprig) and API endpoints (Element API, GraphQL) are addressed with appropriate security measures like CSRF tokens and sanitization, mitigating indirect prompt injection risks in the context of the platform's intended use.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 10:33 AM