api-design-first
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a comprehensive instructional guide for designing and building HTTP APIs with a focus on 'API-design-first' principles.
- [SAFE]: Instructions explicitly promote security best practices, including mandatory security headers (HSTS, X-Content-Type-Options, X-Frame-Options), proper CORS configuration (avoiding wildcards with credentials), and secure credential management such as hashing API keys using SHA-256 before storage.
- [SAFE]: The workflow ensures tenant isolation by deriving scope from authentication tokens rather than request bodies or query strings, which effectively prevents cross-tenant data leaks.
- [SAFE]: No suspicious external network requests, obfuscated code, or remote command execution patterns were identified across the documentation or provided PHP code snippets.