javascript-php-integration
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides defensive coding guidelines for PHP and JavaScript integration, promoting a clear separation of concerns by keeping logic in separate files.
- [SAFE]: Includes explicit implementation patterns for CSRF protection using meta tags and custom headers, verified server-side with timing-safe comparisons via hash_equals().
- [SAFE]: Mandates security-focused encoding flags (JSON_HEX_APOS, JSON_HEX_TAG) and sanitization with htmlspecialchars() to mitigate XSS risks when transferring data from server to client through data attributes.
- [SAFE]: Recommends infrastructure-level security checks, such as validating the 'X-Requested-With' header to prevent cross-site request forgery and direct browser access to API endpoints.
Audit Metadata