Skills
skills/dobroslavradosavljevic/skills/tanstack-start-server-runtime-and-apis/Gen Agent Trust Hub

tanstack-start-server-runtime-and-apis

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill references official TanStack documentation and the @tanstack/react-start package, which are well-known and trusted resources in the developer community.
  • [DATA_EXFILTRATION]: The instructions include proactive security measures to prevent the leakage of sensitive data. It explicitly guides developers to separate server-side secrets in process.env from client-side variables prefixed with VITE_ to ensure that API keys or private credentials are not exposed to the client.
  • [PROMPT_INJECTION]: The skill promotes secure data handling by recommending the use of .inputValidator(...) for all server functions, which acts as a defense against malicious inputs crossing the network boundary. While the skill defines a surface for processing untrusted data, it enforces validation best practices.
  • Ingestion points: createServerFn handles data crossing the network boundary from client to server (found in SKILL.md and references/server-runtime-and-request-flow.md).
  • Boundary markers: The instructions define server functions explicitly as 'networked server boundaries' and distinguish between environment-restricted helpers and RPCs.
  • Capability inventory: The skill uses standard TanStack Start APIs for middleware, response handling, and RPC-style functions; no arbitrary command execution, unsafe deserialization, or network exfiltration patterns were detected.
  • Sanitization: The skill explicitly mandates the use of .inputValidator(...) to validate and sanitize any data passed into server-side handlers.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 02:16 PM