zustand
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains no instructions to override agent behavior, bypass safety guidelines, or extract system prompts. All instructions are focused on technical implementation and best practices.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The code snippets include standard local API calls and persistence to localStorage, which are typical for frontend state management.
- [OBFUSCATION]: No hidden content, encoded strings (Base64), zero-width characters, or homoglyphs were found.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill does not perform remote script execution or install packages from untrusted sources. It references well-known libraries like Zustand and Immer.
- [DYNAMIC_EXECUTION]: There is no evidence of runtime code generation, unsafe deserialization, or use of dynamic execution functions like eval() or exec().
- [INDIRECT_PROMPT_INJECTION]: The skill acts as a static documentation resource and does not define tools that process untrusted external data into sensitive execution contexts.
Audit Metadata