trpc
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill architecture enforces security at the router boundary using RBAC middleware (
rbacProcedure) to verify user authentication and active status before processing requests. - [SAFE]: Vulnerability to indirect prompt injection is mitigated by design. 1. Ingestion points: API input schemas (e.g.,
ListHaulersInputSchemain SKILL.md). 2. Boundary markers: Zod.strict()validation is used to reject unexpected properties. 3. Capability inventory: Procedures are limited to database queries via Drizzle ORM. 4. Sanitization: All inputs are strictly typed and parsed before reaching business logic. - [COMMAND_EXECUTION]: The documentation includes instructions for running standard development tools (
pnpm lint,pnpm check:types) and local validation scripts to ensure code quality and pattern compliance.
Audit Metadata