zod
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill consists entirely of Markdown documentation and TypeScript code snippets. It does not include any executable scripts, binaries, or automated installers.
- EXTERNAL_DOWNLOADS (SAFE): The skill references established and trusted libraries such as 'zod' and '@zod/mini'. References in 'metadata.json' point to official project websites (zod.dev) and the official GitHub repository (colinhacks/zod), which are considered trusted sources.
- DATA_EXFILTRATION (SAFE): Code examples demonstrate standard data handling patterns, such as parsing API responses or form data. There are no patterns involving hardcoded secrets or the exfiltration of sensitive files (~/.ssh, .env) to external domains.
- PROMPT_INJECTION (SAFE): The instructions are purely educational and are designed to guide an AI agent in generating better TypeScript code. No attempts to bypass safety filters or override system instructions were found.
- DYNAMIC_EXECUTION (SAFE): The examples use 'z.lazy()' and dynamic 'import()', which are standard practices for recursive schema definition and code-splitting in TypeScript, respectively, and do not pose a security risk in this context.
Audit Metadata