tanstack-query
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The dependencies listed in
package.jsonand suggested in the documentation are well-known, standard libraries for React development (e.g.,@tanstack/react-query,vite,msw). They are sourced from official registries. - [DATA_EXFILTRATION] (SAFE): Network operations found in the code templates (e.g.,
fetchcalls) are directed atjsonplaceholder.typicode.com, a standard public mock API used for testing and tutorials. No sensitive user data or system credentials are accessed or transmitted. - [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution patterns were detected. There are no scripts that download and execute external content (e.g.,
curl | bash). The providedscripts/example-script.shis a benign placeholder. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill handles external data via API fetches. While this creates a theoretical surface for indirect injection from a compromised API, the skill uses standard React rendering which provides default protection against XSS and similar injection attacks. No dangerous sinks like
eval()ordangerouslySetInnerHTMLare used with external data.
Audit Metadata