react-hook-form-zod
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The instruction files (specifically
rules/react-hook-form-zod.md) provide functional coding guidelines for developers. There are no attempts to bypass safety filters, extract system prompts, or override agent behavior. - [COMMAND_EXECUTION] (SAFE): The script
scripts/check-versions.shuses standardnpm viewcommands to verify package versions. These are non-malicious, unprivileged commands necessary for the skill's utility. - [DATA_EXFILTRATION] (SAFE): Analysis of the code templates (
basic-form.tsx,server-validation.ts) shows standard API communication patterns targeting relative paths (e.g.,/api/login). No sensitive data access or exfiltration to external domains was detected. - [EXTERNAL_DOWNLOADS] (SAFE): The skill references official documentation for React Hook Form, Zod, and shadcn/ui. All external links point to trusted, reputable domains.
- [Indirect Prompt Injection] (LOW): The skill provides an interface for handling untrusted user input via forms, which is a common attack surface.
- Ingestion points: User inputs in React forms and JSON bodies in server-side API examples.
- Boundary markers: The skill mandates strict Zod schemas to validate all incoming data before processing.
- Capability inventory: No dangerous capabilities (e.g.,
exec,eval) are present in the provided templates. - Sanitization: Zod validation serves as the primary sanitization layer, combined with React's built-in XSS protections.
Audit Metadata