zod-env-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE: The skill is primarily a documentation and template provider for code generation. No malicious patterns or behaviors were detected.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from `.env.example` files to generate code. While this is an ingestion surface, the risk is limited to the generation of local project files and the logic relies on standard LLM parsing guardrails.
  - Ingestion points: Reads contents of `.env.example` files from the project root.
  - Boundary markers: None explicitly defined for the input file data; relies on comment-based mapping.
  - Capability inventory: Generates and instructs the agent to write TypeScript files (schemas and getters) to the filesystem.
  - Sanitization: None specified; the agent is expected to interpret comments (e.g., `# zod:string`) as validation rules.
Audit Metadata