Skills
skills/marcoodignoti/couple-diary/api-routes/Gen Agent Trust Hub

api-routes

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill provides templates for API routes that ingest untrusted data from HTTP requests which could be a vector if not properly handled by the implementer.
  • Ingestion points: Untrusted data enters via request.json() and URL.searchParams in files such as app/api/items+api.ts and app/api/weather+api.ts.
  • Boundary markers: The skill provides a specific "Rules" section that explicitly instructs the user to "ALWAYS validate and sanitize user input."
  • Capability inventory: The templates demonstrate the use of network operations (fetch to OpenAI and Weather APIs) and database execution (db.execute via Turso).
  • Sanitization: Guidelines for sanitization and validation are included in the instructions, though implementation is left to the developer.
  • [External Downloads] (LOW): The documentation provides instructions to install the eas-cli package.
  • Evidence: npm install -g eas-cli is recommended for deployment. This is a standard developer tool for the Expo ecosystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:25 PM