tanstack-query
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides numerous URLs to fetch markdown documentation from
tanstack.com. As TanStack is a well-known technology provider, these references are documented as safe and necessary for the skill's primary research function.\n- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface because it is designed to ingest and process data from external web pages.\n - Ingestion points: Multiple documentation URLs from
tanstack.comdefined inSKILL.md.\n - Boundary markers: The skill does not explicitly instruct the agent or sub-agent to use delimiters or warnings when processing the fetched documentation content.\n
- Capability inventory: The skill is configured to spawn sub-agents via a
Tasktool to perform web-fetching and research.\n - Sanitization: There are no instructions for sanitizing or validating the content retrieved from the external URLs before analysis.
Audit Metadata