angular-routing

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides an implementation for a post-login redirect that serves as a vulnerability surface for indirect prompt injection.
  • Ingestion points: The Login component in references/routing-patterns.md retrieves a returnUrl from the queryParams of the current route.
  • Boundary markers: Absent. The code does not verify whether the provided URL is a relative path or an authorized domain.
  • Capability inventory: The this.router.navigateByUrl(returnUrl) call in references/routing-patterns.md executes navigation to the user-supplied URL.
  • Sanitization: Absent. No validation or filtering is applied to the returnUrl before use.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 12:04 AM