tanstack-query
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or safety filters were found. The content is strictly technical documentation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or access to sensitive local file paths (like ~/.ssh or .env) were detected. Network operations shown in examples use standard REST API patterns.
- Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyphs were found. The documentation is in clear markdown and TypeScript.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references established libraries from the @tanstack organization. No suspicious remote scripts (curl | bash) or unverified package installations are present.
- Indirect Prompt Injection (SAFE): While the skill defines patterns for data ingestion, it does not provide an attack surface for executing instructions embedded in external data. No unsafe interpolation of untrusted data into prompts was identified.
- Persistence & Privilege Escalation (SAFE): No attempts to modify shell profiles, system services, or use sudo/chmod for unauthorized access were found.
Audit Metadata