integrating-zod-frameworks
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions found that attempt to override AI behavior or bypass safety filters. The content is strictly instructional and follows its stated purpose.
- [DATA_EXFILTRATION] (SAFE): No code accessing sensitive file paths (~/.ssh, .env, etc.) or performing unauthorized network operations. The examples use safe, local data processing.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill contains no patterns for downloading and executing remote scripts (e.g., curl | bash) or using unsafe evaluation functions like
eval(). - [COMMAND_EXECUTION] (SAFE): No subprocess calls, shell command executions, or administrative privilege escalations (sudo) were detected.
- [EXTERNAL_DOWNLOADS] (SAFE): References standard and trusted npm packages (zod, express, @trpc/server) for implementation. There are no links to untrusted or malicious sources.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill defines how to ingest external data (form fields, request bodies), it specifically focuses on validation and sanitization using Zod's
safeParse,trim, andtoLowerCasemethods, which mitigates the risk of processing malicious inputs. No high-privilege capabilities are exposed to this external data in the examples provided.
Audit Metadata