zustand-pro

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references standard installation of well-known packages including zustand, immer, and zundo.
  • [PROMPT_INJECTION]: The skill documents patterns for ingesting and processing potentially untrusted data from users and AI systems, which constitutes an indirect prompt injection surface.
    • Ingestion points: External data is ingested through the cvData and applyAIPatch structures in references/cviet-patterns.md.
    • Boundary markers: The provided code patterns do not include explicit delimiters or instructions to ignore instructions within the processed data.
    • Capability inventory: The skill utilizes fetch calls in references/cviet-hooks.md to interact with local API endpoints based on the ingested state.
    • Sanitization: The reference patterns do not demonstrate sanitization or validation of the data before it is processed or sent to external endpoints.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 01:20 AM