datocms-frontend-integrations
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Automated flags for prompt injection were identified as false positives. The word 'bypass' is used in the context of the standard Next.js __prerender_bypass cookie for draft mode, and the word 'ignored' correctly describes the technical precedence of props in Structured Text components.
- [SAFE]: The skill consistently recommends best practices for security, such as using isRelativeUrl to prevent open redirect vulnerabilities when handling redirects in API routes.
- [SAFE]: All sensitive credentials (API tokens, JWT secrets) are handled via environment variables, following standard secret management protocols.
- [SAFE]: The implementation of frame-ancestors in CSP headers correctly limits the embedding of the site to trusted DatoCMS origins, protecting against clickjacking and unauthorized iframe usage.
- [SAFE]: External downloads and dependencies are limited to official DatoCMS packages and well-known libraries (such as Mux Player, JSONWebToken, and GraphQL), which are considered safe for their intended purpose.
Audit Metadata