boxlang-security
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a comprehensive security reference for the BoxLang language, detailing defensive coding practices to mitigate OWASP Top 10 vulnerabilities.
- [SAFE]: It provides specific configuration recommendations for the boxlang.json runtime to restrict high-risk capabilities, such as disabling OS command execution and limiting Java class imports.
- [SAFE]: The skill correctly identifies and warns against insecure patterns (e.g., SQL string concatenation) while providing secure, parameterized alternatives.
- [SAFE]: Sensitive data management is handled according to industry best practices, recommending the use of environment variables and the avoidance of hardcoded credentials.
Audit Metadata