hono-routing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [Malicious URL Alert] (SAFE): The automated scanner alert for 'logger.info' is a false positive. 'logger.info' is a standard logging method in JavaScript/TypeScript; the scanner likely misidentified the '.info' suffix as a top-level domain. No actual malicious URLs were found in the skill.
- [Indirect Prompt Injection] (SAFE): The skill describes methods for handling external data but mitigates risk by enforcing strict schema validation using Zod and Valibot. While it creates a data ingestion surface, it follows security best practices for sanitization.
- [Command Execution] (SAFE): The repository mentions a 'check-versions.sh' script. Within the context of a development skill for Hono, such scripts are standard for verifying environment dependencies and do not represent a privilege escalation or malicious execution risk.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata