using-nuqs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions designed to override agent behavior or bypass safety filters were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected.
- Obfuscation (SAFE): The content is presented in clear text and code without any use of encoding or hidden characters to mask malicious intent.
- Unverifiable Dependencies & RCE (SAFE): The skill refers to the 'nuqs' package, which is a standard library for React state management. No remote script executions or suspicious package installations are present.
- Indirect Prompt Injection (LOW): The skill demonstrates patterns where application state is derived from URL query parameters. This is a standard architectural pattern for deep-linking but creates a surface for untrusted data ingestion. Ingestion points: URL query parameters via useQueryState in SKILL.md. Boundary markers: Not present. Capability inventory: UI state management and execution of an onDelete prop. Sanitization: Relies on nuqs library parsers.
- Persistence & Privilege Escalation (SAFE): No attempts to gain elevated permissions or establish persistence on the host system were identified.
- Dynamic Execution (SAFE): No usage of eval(), exec(), or other dynamic code generation techniques.
Audit Metadata