react-router-data-mode
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is strictly technical documentation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or sensitive file paths (like ~/.ssh or .env) were found. Network examples (fetch) use generic placeholders or documentation URLs.
- Obfuscation (SAFE): The content is clear markdown and code. No Base64, zero-width characters, homoglyphs, or encoded commands are present.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No commands for package installation (npm/pip) or remote script execution (curl | bash) were detected. Code snippets use standard library imports.
- Privilege Escalation (SAFE): No use of sudo, chmod, or system-level permission modification commands.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or startup services.
- Metadata Poisoning (SAFE): Metadata fields in SKILL.md accurately describe the skill's purpose without deceptive instructions.
- Indirect Prompt Injection (SAFE): The skill serves as static reference documentation and does not provide tools that ingest or process untrusted external data into the agent's prompt context.
- Time-Delayed / Conditional Attacks (SAFE): No logic was found that gates operations based on date, time, or specific environment triggers.
- Dynamic Execution (SAFE): No use of eval(), exec(), or runtime code generation. Code snippets are static examples for developer guidance.
Audit Metadata