tanstack-start
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions to override agent behavior or bypass safety filters were found.
- [Data Exposure & Exfiltration] (SAFE): Code patterns correctly use environment variables for API keys rather than hardcoded secrets. No sensitive file access or unauthorized network exfiltration was detected.
- [Indirect Prompt Injection] (LOW): The skill defines surfaces for untrusted data ingestion via API routes (e.g.,
api.example.ts) and MCP tools. While these are potential injection points for applications built with these patterns, the inclusion of Zod validation in the MCP examples serves as a primary defense. - [Remote Code Execution] (SAFE): The skill does not perform or facilitate arbitrary command execution or remote script downloads. All referenced packages are standard industry libraries.
Audit Metadata