nodejs
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides defensive guidelines for Node.js development and contains no malicious patterns or instructions.
- [EXTERNAL_DOWNLOADS]: External documentation is linked from trusted repositories, such as the official Node.js project and OWASP, for informational purposes. These downloads do not include executable code.
- [COMMAND_EXECUTION]: Instructions guide the agent to use `execFile` and `spawn` with argument arrays to prevent shell injection, while explicitly warning against insecure alternatives like `exec` when handling user input.
- [DATA_EXFILTRATION]: No exfiltration vectors were detected. The skill includes explicit guidance on secure secrets management to protect sensitive credentials and prevent accidental exposure in source control.
- [REMOTE_CODE_EXECUTION]: The guidance provides mitigations against RCE by warning against the use of `eval()`, `new Function()`, and dynamic `require()` with user-controlled input.
- [PROMPT_INJECTION]: The skill's instructions focus on technical conventions and security hardening, with no attempts to bypass safety filters or ignore prior instructions.
Audit Metadata