tanstack-db
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official library packages from the TanStack organization and provides instructions for fetching related agent skills from the vendor's own repository (oakoss/agent-skills). These sources are well-known and consistent with the skill's purpose.
- [COMMAND_EXECUTION]: Documentation includes standard shell commands (npm, pnpm, npx) for package installation and agent skill expansion. These are routine development operations.
- [SAFE]: The skill uses best practices for data handling, such as promoting Zod schema validation for external data sources to prevent malformed data ingestion.
- [PROMPT_INJECTION]: The skill possesses a data ingestion surface through live queries and API sync handlers; however, it mitigates potential risks by encouraging strict schema validation (e.g., in references/local-and-storage-collections.md and references/setup.md).
- Ingestion points: Data enters the system via 'queryFn' in queryCollectionOptions and 'shapeOptions' in electricCollectionOptions.
- Boundary markers: Data is processed through a structured reactive database engine with defined query parameters.
- Capability inventory: The skill uses 'fetch' for network operations and 'localStorage' for browser persistence.
- Sanitization: Explicitly recommends the use of Zod-based schemas for runtime validation of incoming data.
Audit Metadata