tanstack-query
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety guidelines were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were detected. All network calls use relative API paths (e.g., /api/environments) typical for frontend applications.
- Obfuscation (SAFE): No obfuscated code, zero-width characters, or encoded commands were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard, well-known packages (@tanstack/react-query). There are no remote script executions or untrusted package installations.
- Privilege Escalation (SAFE): No commands for acquiring elevated permissions (e.g., sudo, chmod) were identified.
- Persistence Mechanisms (SAFE): No attempts to maintain access across sessions via shell profiles or scheduled tasks were found.
- Indirect Prompt Injection (SAFE): The skill provides code templates for fetching data from an API. While it ingests external data, it does not interpolate this data into an LLM prompt context in a way that suggests a vulnerability surface.
- Dynamic Execution (SAFE): No use of eval(), exec(), or other dynamic code generation techniques was detected.
Audit Metadata