trpc
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides technical documentation and reference implementations for tRPC, focusing on end-to-end type safety in TypeScript applications.
- [COMMAND_EXECUTION]: Installation instructions use standard package managers to install well-known, legitimate libraries from the tRPC ecosystem (e.g., @trpc/server, @trpc/client) and related tools (Zod, TanStack Query).
- [EXTERNAL_DOWNLOADS]: All external references and dependencies are from trusted or well-known sources (GitHub, NPM) and are used for their intended purpose in the development lifecycle. This includes adapters for Express, Fastify, and Hono.
- [PROMPT_INJECTION]: No patterns indicative of prompt injection, instruction overrides, or behavior manipulation were found in the skill body or metadata.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or sensitive file paths were detected. Code examples use best practices for session management and authentication.
- [DATA_EXFILTRATION]: Network operations described in the code snippets are restricted to local development endpoints (localhost) or standard application routes (/api/trpc). No evidence of unauthorized data transmission was found.
- [REMOTE_CODE_EXECUTION]: No remote script execution or unsafe dynamic code generation patterns (like eval or exec) were identified.
- [DATA_EXPOSURE]: The documentation emphasizes input validation using Zod and proper error formatting to prevent information leakage, following security best practices.
Audit Metadata