sveltekit-remote-functions
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No patterns of instruction overriding, role-play jailbreaking, or safety filter bypass attempts were detected in the skill instructions or documentation.
- [DATA_EXFILTRATION]: The skill does not contain any commands for unauthorized data access or network requests to external domains. Examples involving
getRequestEvent()are standard for SvelteKit server-side logic and authentication handling. - [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or other sensitive credentials were found. Documentation correctly suggests handling sensitive data in
.envfiles or using private form fields (prefixed with_) to prevent unintended data round-trips. - [REMOTE_CODE_EXECUTION]: No remote script downloads, piped execution (e.g., curl|bash), or dynamic code execution patterns were identified. The skill documentation refers to standard NPM packages like Valibot and Zod for schema validation.
- [COMMAND_EXECUTION]: The skill does not execute arbitrary shell commands. Mentions of CLI tools in documentation relate to standard developer workflows for validation and maintenance.
- [DATA_EXPOSURE]: The skill emphasizes the use of StandardSchemaV1 for input validation, which is a security best practice to prevent injection and malformed data processing in server-side functions.
Audit Metadata