security-practices
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is an educational resource containing security guidelines for web development. It contains no executable scripts, network operations, or persistence mechanisms.
- [CREDENTIALS_UNSAFE]: The file contains examples of hardcoded credentials (e.g.,
JWT_SECRET = "super-secret-key-123") and sensitive file names (.env,credentials.json). These are explicitly labeled as "BAD" examples or recommendations for.gitignoreto demonstrate insecure practices and their mitigations. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to review untrusted code provided by users (Category 8). It addresses this by providing clear defensive rules and boundary-checking logic for the agent to follow when evaluating such data.
Audit Metadata