react-router
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill describes methods for processing untrusted external data, creating a vulnerability surface for indirect prompt injection in the developed application.\n
- Ingestion points:
params.idin route loaders andrequest.formData()in route actions (SKILL.md).\n - Boundary markers: Absent. The documentation does not instruct the agent to use delimiters or 'ignore embedded instruction' warnings when processing this data.\n
- Capability inventory: The skill allows the use of
EditandWritetools to implement application logic based on these inputs.\n - Sanitization: The provided examples show basic logic validation but lack explicit instructions for the agent to sanitize or escape user-provided content.\n- [DATA_EXFILTRATION] (SAFE): No evidence of credential leakage or unauthorized data access was found.\n- [EXTERNAL_DOWNLOADS] (SAFE): Mentions standard web packages like
@tanstack/react-query. No suspicious remote execution patterns detected.\n- [COMMAND_EXECUTION] (SAFE): The provided commands (pnpm dev:web, etc.) are standard for local development environments.
Audit Metadata