salvo-csrf

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The cryptographic keys provided in the code examples (e.g., sequential digits) are non-functional placeholders intended for documentation purposes and do not constitute actual secret exposure.
  • [Indirect Prompt Injection] (SAFE): The code provides a data ingestion surface that reflects user-provided form data directly into HTML responses, creating a potential Cross-Site Scripting (XSS) vulnerability surface if implemented in production without additional sanitization.
    • Ingestion points: req.parse_form within the handle_form handler in SKILL.md.
    • Boundary markers: None present in the documentation examples.
    • Capability inventory: The code demonstrates network binding via TcpListener and content delivery via res.render.
    • Sanitization: Not implemented in the provided snippets; user input is interpolated directly into HTML strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:42 PM