react-pdf-pro
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes trusted external sources for necessary assets. Font and emoji registration URLs point exclusively to Google Fonts (fonts.gstatic.com) and Cloudflare (cdnjs.cloudflare.com), which are recognized as safe and reliable service providers.
- [SAFE]: Secure implementation patterns for processing external data are documented. The API route examples demonstrate proper authentication gating using Auth.js and include sanitization logic for user-provided strings, such as filename generation.
- [SAFE]: The skill demonstrates safe handling of indirect prompt injection surfaces through structured data processing.
  1. Ingestion points: User-controlled CV data enters via database queries in the export route.
  2. Boundary markers: The PDF rendering process naturally delimits data from instructions.
  3. Capability inventory: Generation is restricted to the @react-pdf/renderer library.
  4. Sanitization: Filename regex filtering is applied to prevent injection.
- [SAFE]: No evidence of credential exposure, unauthorized network operations, or persistence mechanisms was found in the provided code samples and documentation.