tanstack-router
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill content is purely technical documentation and does not contain any instructions aimed at overriding agent behavior or bypassing safety filters.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file paths, or suspicious network operations were found. API calls shown are illustrative patterns for local feature APIs.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no remote script downloads (e.g., curl | bash). Dynamic imports and lazy loading patterns utilize local or aliased paths (~/...), which is standard frontend development practice.
- [COMMAND_EXECUTION] (SAFE): No subprocess spawning or shell command execution detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill describes handling external data from URL parameters and search queries, it explicitly demonstrates best practices for sanitization using Zod schema validation. The capabilities (navigation, data fetching) present minimal risk in this context.
- [DYNAMIC_EXECUTION] (LOW): Uses standard JavaScript dynamic imports for lazy loading components and modules. This is not used for executing untrusted code or bypassing security controls.
Audit Metadata