TanStack Router
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the user to install packages including
@tanstack/react-router,@tanstack/router-vite-plugin, andzod. While these are widely used in the development community, the TanStack organization is not on the specific list of trusted sources provided in the analysis framework. The severity is lowered to LOW as these dependencies are central to the skill's primary purpose of providing library guidance.\n- EXTERNAL_DOWNLOADS (LOW): An automated scanner flagged the domain 'certificate.su' as a phishing site. A manual audit of the skill's SKILL.md file failed to locate this string or any hidden/obfuscated links to such a domain. The alert may be a false positive triggered by the word 'certificates' used in route and component examples.\n- SAFE (SAFE): No evidence of malicious logic, persistence mechanisms, or data exfiltration was found. The provided TypeScript and React snippets follow standard library conventions and do not contain patterns suggesting prompt injection or unauthorized command execution.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata