react-router-declarative-mode
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns of prompt injection, such as instructions to ignore safety filters or bypass constraints, were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were found. The skill only references official React Router documentation.
- [Obfuscation] (SAFE): No use of Base64, zero-width characters, or other obfuscation techniques was identified.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The code examples use the standard 'react-router' package. No remote script execution (e.g., curl | bash) or dynamic code execution patterns were found.
- [Indirect Prompt Injection] (SAFE): Although the skill handles untrusted data from URLs (via useParams and useSearchParams), it specifically includes a 'Type Safety' section that provides guidance on validation and sanitization to prevent common vulnerabilities.
- [Persistence & Privilege Escalation] (SAFE): No commands related to system persistence or privilege escalation (like sudo or modifications to shell profiles) were detected.
Audit Metadata