prowler-api
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a comprehensive documentation and pattern-matching guide for developers working on the Prowler API. It includes detailed instructions on implementing Row-Level Security (RLS), RBAC, and Celery tasks with proper tenant context to ensure multi-tenant isolation.
- [SAFE]: The provided code assets (celery_patterns.py and security_patterns.py) demonstrate secure implementation patterns and explicitly warn against common security pitfalls, such as bypassing RLS using admin database connections or trusting user-provided tenant identifiers in API requests.
- [SAFE]: Configuration examples in configuration.md and production-settings.md follow industry best practices, such as using environment variables for secrets, implementing rate limiting (throttling), and enabling secure HTTP headers (HSTS, secure cookies) for production deployments.
- [SAFE]: No malicious patterns, such as prompt injection, data exfiltration, or unauthorized remote code execution, were found in the instructions or accompanying scripts. The skill correctly identifies and mitigates potential attack vectors like dynamic task name execution.
Audit Metadata