TypeBox + Fastify
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- General Security (SAFE): The skill demonstrates security best practices for API development, including the use of `@fastify/rate-limit` for DDoS protection, `@fastify/cors` for cross-origin policy management, and graceful shutdown patterns.
- Category 8: Indirect Prompt Injection (INFO): The skill defines patterns for handling untrusted external data via Fastify request objects.
  1. Ingestion points: Data enters via `request.params`, `request.query`, and `request.body` in `SKILL.md`.
  2. Boundary markers: TypeBox schemas enforce structural constraints on all incoming data.
  3. Capability inventory: The code is limited to API routing and response handling; no dangerous system capabilities are exposed.
  4. Sanitization: Inputs are strictly validated against TypeBox schemas, providing inherent protection against malformed or malicious payload structures.
Audit Metadata