javascript-author
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a repository of best practices for writing secure JavaScript. It emphasizes XSS prevention by recommending `textContent`, `insertAdjacentHTML`, and the Sanitizer API (or DOMPurify as a fallback) while explicitly warning against direct `innerHTML` usage with untrusted data.
- [SAFE]: Defensive programming is a core focus, with detailed guidance on type guards, safe number handling, and feature detection to ensure code robustness and graceful degradation.
- [SAFE]: The skill explicitly lists dangerous patterns to avoid, including `eval()`, `new Function()`, and `document.write()`, reducing the risk of the agent generating vulnerable code.
- [SAFE]: No evidence of prompt injection, data exfiltration, or persistence mechanisms was found. All network-related examples (e.g., in `DEFENSIVE.md`) use generic relative paths for API endpoints and monitoring, which is standard development practice.
Audit Metadata