hono-routing
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/check-versions.sh` script utilizes the `npm view` command to fetch metadata from the npm registry to verify if local package versions are current. This is a standard utility for developer environment maintenance.
- [EXTERNAL_DOWNLOADS]: The skill documentation and templates reference several well-known packages from the official npm registry, including `hono`, `zod`, and `valibot`. These are established industry-standard tools from a trusted ecosystem.
- [PROMPT_INJECTION]: The skill provides patterns for handling untrusted user input through Hono's request parsing methods (e.g., `c.req.json()`, `c.req.query()`), which constitutes an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the execution context through request parsing in `SKILL.md` and templates such as `routing-patterns.ts`.
  - Boundary markers: The skill explicitly instructs developers to use validation middleware like `zValidator` or `vValidator` and the `c.req.valid()` method to enforce strict data schemas.
  - Capability inventory: Code templates demonstrate network operations via `fetch`, logging, and simulated database interactions.
  - Sanitization: Validation best practices are the core focus, utilizing Zod/Valibot schemas to ensure all external data is sanitized and typed before use.
Audit Metadata