tanstack-start
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard development commands (e.g.,
pnpm install,npx wrangler,openssl) to set up the project environment and manage infrastructure. These actions are aligned with the skill's primary purpose of application generation. - [EXTERNAL_DOWNLOADS]: Dependencies and CLI tools are downloaded from official NPM registries and trusted providers like Cloudflare and the TanStack team. The use of
pnpm dlx shadcn@latestis a standard method for initializing UI components from a well-known service. - [CREDENTIALS_UNSAFE]: The skill implements secure credential handling practices by directing the creation of a
.dev.varsfile (correctly excluded from version control via.gitignore) and utilizing Cloudflare's native secret management tools (wrangler secret put). No secrets or API keys are hardcoded in the skill files. - [PROMPT_INJECTION]: The instructions are technical and declarative. There are no attempts to override the agent's safety guidelines or manipulate its core behavior.
- [DATA_EXPOSURE]: The skill accesses project-specific configurations but does not attempt to read sensitive system files (like SSH keys or global AWS credentials) or exfiltrate data to unauthorized external endpoints.
Audit Metadata