store-best-practice
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns found attempting to override agent instructions or bypass safety filters. The use of instructional language like 'strictly follow' is standard for technical templates.
- [Data Exposure & Exfiltration] (SAFE): No evidence of hardcoded credentials, sensitive file access, or unauthorized network communication. The skill operates entirely on local template logic.
- [Obfuscation] (SAFE): No encoded strings, zero-width characters, or homoglyphs detected. The code and documentation are transparent and readable.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references the reputable 'zustand' library for frontend development. It does not perform remote script execution or download untrusted binaries.
- [Indirect Prompt Injection] (LOW): While the skill processes user-provided state requirements to generate code, it includes a robust checklist (checklist.md) that explicitly forbids side effects (API calls, DOM manipulation) in the generated slices, effectively mitigating typical injection risks.
- [Dynamic Execution] (SAFE): The skill generates static TypeScript files from templates. It does not use unsafe deserialization or runtime code compilation.
Audit Metadata