sanity-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains architectural guidance and code patterns for integrating Sanity with various web frameworks. All references and tools are official Sanity resources or well-known development utilities.
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing standard packages from the NPM registry and using Sanity's official API endpoints. These are legitimate development dependencies for the platform.
- [INDIRECT_PROMPT_INJECTION]: Documentation describes fetching content from the Sanity Content Lake into applications. While this constitutes data ingestion, it follows standard headless CMS integration patterns.
  - Ingestion points: Application loaders fetching data from the Sanity API (e.g., in references/nextjs.md and references/remix.md).
  - Boundary markers: Standard framework-level separation between code and data; content is treated as structured objects.
  - Capability inventory: Shell command execution (npx sanity), file system modifications for configuration, and Content Lake mutations via authorized clients.
  - Sanitization: Relies on web framework defaults (React, Angular, etc.) for safe rendering of CMS content.