backend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust architectural doctrine requiring layered separation (Routes, Controllers, Services, Repositories), which enhances security by isolating business logic from external entry points.
- [SAFE]: Mandatory input validation is enforced for all external data using Zod schemas, effectively mitigating common injection and data corruption vulnerabilities.
- [SAFE]: The skill strictly forbids direct access to environment variables (process.env), requiring a centralized, type-safe configuration pattern (unifiedConfig) to manage secrets and settings securely.
- [SAFE]: Comprehensive error handling and observability are mandated through a BaseController pattern and Sentry integration, ensuring that failures are tracked without leaking sensitive information in raw logs.
- [SAFE]: No unauthorized command execution, remote code downloads, or persistence mechanisms were detected in the instructions or resources.
Audit Metadata