tanstack-query
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions were found that attempt to bypass AI safety filters or override agent behavior.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or unauthorized access to sensitive local files were identified. The network calls in the templates target a well-known public mock API (JSONPlaceholder) for demonstration purposes.
- [Obfuscation] (SAFE): The code and documentation are clear and transparent, with no encoded strings or hidden character patterns.
- [Remote Code Execution] (SAFE): The skill does not download or execute unverified scripts. Dependencies listed in the package configuration are standard, industry-recognized libraries.
- [Indirect Prompt Injection] (SAFE): The skill provides templates for fetching external data, which is its primary function. (1) Ingestion points: Data enters via fetch calls in files such as templates/custom-hooks-pattern.tsx. (2) Boundary markers: Absent, as these are generic code templates. (3) Capability inventory: Standard web network operations; no dangerous command execution or file system writes are included in the skill scripts. (4) Sanitization: Standard React rendering practices are followed.
Audit Metadata