tanstack-router
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill handles untrusted data via route parameters and loaders, creating a potential injection surface.
  1. Ingestion points: templates/route-examples.tsx (route parameters and loader data).
  2. Boundary markers: Absent in provided code templates.
  3. Capability inventory: Uses fetch for data operations.
  4. Sanitization: Absent in templates, though documentation suggests using Zod for validation.
- Prompt Injection (SAFE): No instructions targeting agent behavior or safety filters were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or sensitive local file path access found.
- Obfuscation (SAFE): All content is in plain text; no Base64 or hidden characters detected.
- Unverifiable Dependencies (SAFE): Suggested dependencies are official, well-known libraries in the React ecosystem.
Audit Metadata