loader-action-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions targeting agent behavior or safety overrides were found.
- [DATA_EXFILTRATION] (SAFE): Network requests are limited to relative internal paths (e.g.,
/api/users). No hardcoded secrets or access to sensitive local files (like SSH keys) are present. - [REMOTE_CODE_EXECUTION] (SAFE): No use of
eval(),exec(), or patterns that download and execute remote scripts. - [OBFUSCATION] (SAFE): Code is written in clear, standard TypeScript/JSX with no evidence of encoding or hidden characters.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill ingests external data (URL parameters and form inputs), it does not feed this data into an LLM or process it as instructions. React's built-in JSX escaping prevents XSS, and
zodis utilized for strict input validation in the action handlers.
Audit Metadata