zod
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill primarily serves as a documentation resource for schema validation with Zod.
- [METADATA_POISONING]: The skill documentation refers to 'Zod 4.x' and includes features like
z.codec()andz.iso.*that do not exist in the current stable version of the library (v3.23.x). Additionally, thelast_verifieddate is set in the future (2025-11-17). While these discrepancies result in non-functional code examples for the current version of Zod, they do not facilitate a security breach or direct users toward malicious third-party scripts or registries. - [EXTERNAL_DOWNLOADS]: The skill suggests installing the standard
zodpackage via legitimate package managers (bun, yarn, npm) from the official registry. All referenced ecosystem packages (e.g.,trpc,react-hook-form,hono) are well-known and legitimate. - [REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as piping network downloads to a shell or using
eval()on untrusted input, were found in the skill or its references.
Audit Metadata