api-rest
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a template and best-practice guide for Next.js API development with no malicious instructions or suspicious code patterns detected.
- [SAFE]: Implements robust input validation using the Zod library for both request bodies (`parseBody`) and query parameters (`parseQuery`), which effectively mitigates common injection and malformed data attacks.
- [SAFE]: All database operations in the provided examples use Drizzle ORM (e.g., `eq(project.id, id)`), which utilizes parameterized queries to prevent SQL injection.
- [SAFE]: The examples demonstrate consistent authorization checks (e.g., `if (!session) return unauthorized()`) and resource ownership verification (e.g., `if (item.userId !== session.user.id) return forbidden()`) before performing operations.
- [SAFE]: Standardized error handling ensures that internal server details are not exposed to the client, using specific error codes and statuses.
Audit Metadata