content-safety-guard
Provides a dual-layer AI content guardrail to ensure safe communication from AI agents, utilizing a judge model for output evaluation.
Security score
The content-safety-guard skill was audited on May 15, 2026 and we found 25 security issues across 4 threat categories. Review the findings below before installing.
Security Issues
Template literal with variable interpolation in command context
| 69 | const GUARD_SYSTEM_PROMPT = `You are a content safety filter for ${BRAND_NAME}, an AI assistant serving [describe your user base]. |
Template literal with variable interpolation in command context
| 133 | console.warn(`[message-guard] BLOCKED: ${verdict.reason}`); |
Template literal with variable interpolation in command context
| 142 | console.error(`[message-guard] Error (fail-open): ${err.message}`); |
Template literal with variable interpolation in command context
| 152 | const url = `${API_URL}/${GEMINI_MODEL}:generateContent?key=${apiKey}`; |
Template literal with variable interpolation in command context
| 164 | parts: [{ text: `Evaluate this outbound message:\n\n${messageContent}` }], |
Template literal with variable interpolation in command context
| 178 | throw new Error(`Gemini API ${response.status}: ${errBody.slice(0, 200)}`); |
Template literal with variable interpolation in command context
| 186 | console.warn(`[message-guard] Gemini safety filter triggered (${finishReason})`); |
Template literal with variable interpolation in command context
| 187 | return { pass: false, reason: `gemini-safety-${finishReason}` }; |
Template literal with variable interpolation in command context
| 205 | console.warn(`[message-guard] Unexpected Gemini response: ${text}`); |
Template literal with variable interpolation in command context
| 206 | return { pass: false, reason: `unexpected-format: ${text.slice(0, 50)}` }; |
Template literal with variable interpolation in command context
| 262 | console.error(`[message-guard] Error (fail-open): ${err.message}`); |
Template literal with variable interpolation in command context
| 269 | console.error(`[message-guard] Error (fail-closed): ${err.message}`); |
Template literal with variable interpolation in command context
| 491 | console.log(`Running ${cases.length} tests...\n`); |
Template literal with variable interpolation in command context
| 501 | console.log(`\n-- ${CATEGORY_NAMES[currentCategory]} --`); |
Template literal with variable interpolation in command context
| 517 | console.log(` OK ${tc.id} ${tc.name}`); |
Template literal with variable interpolation in command context
| 521 | console.log(` FAIL ${tc.id} ${tc.name} (expected ${tc.expect}, got ${actual})`); |
Template literal with variable interpolation in command context
| 525 | console.log(` Replaced with: ${result.content.slice(0, 60)}...`); |
Template literal with variable interpolation in command context
| 530 | console.log(`\nResults: ${passed}/${cases.length} correct (${failed} mismatches)\n`); |
Template literal with variable interpolation in command context
| 535 | console.log(` ${f.id} [Cat ${f.category}] ${f.name} — expected ${f.expect}`); |
Template literal with variable interpolation in command context
| 536 | console.log(` "${f.content.slice(0, 100)}..."`); |
Template literal with variable interpolation in command context
| 547 | console.log(` [${icon}] Cat ${cat}: ${catPassed}/${catCases.length} -- ${CATEGORY_NAMES[cat]}`); |
Access to .env file
| 63 | const BRAND_NAME = process.env.BRAND_NAME || "{BRAND_NAME}"; |
Access to .env file
| 113 | const apiKey = process.env.GOOGLE_GENAI_API_KEY; |
Unicode escape sequences
| 224 | return /[\u4e00-\u9fff]/.test(text); |
External URL reference
| 58 | const API_URL = "https://generativelanguage.googleapis.com/v1beta/models"; |