tanstack-ai
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill consists of documentation and implementation examples for the TanStack AI framework, a legitimate and well-known project. No malicious instructions, hidden commands, or deceptive patterns were identified.
- [EXTERNAL_DOWNLOADS]: The documentation lists official packages from the @tanstack organization and reputable LLM providers as dependencies. These are considered trusted sources and do not represent a security risk.
- [DATA_EXPOSURE]: Examples correctly instruct users to use environment variables for sensitive API keys and provide generic placeholders for tokens in headers, following security best practices.
- [INDIRECT_PROMPT_INJECTION]: The skill documents patterns for processing untrusted user messages, file uploads, and tool results (ingestion points in SKILL.md and tools.md). While these are surfaces for indirect injection, the framework includes mitigation features like the 'needsApproval' flag and structured output validation to manage risks.
Audit Metadata