Skills
skills/terminalskills/skills/qwik/Gen Agent Trust Hub

qwik

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Qwik framework and its dependencies using npm create qwik@latest and npm install. These are standard procedures for the well-known Qwik ecosystem.
  • [COMMAND_EXECUTION]: Uses routine development commands such as npm run dev, npm run build, and npm run deploy to manage the application lifecycle.
  • [DATA_EXFILTRATION]: Correctly implements environment variable access via env.get('API_URL') for network requests, avoiding hardcoded secrets and following secure configuration practices.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface Analysis:
  • Ingestion points: Untrusted data is retrieved from external APIs in src/routes/articles/index.tsx and from user forms in src/routes/articles/new/index.tsx.
  • Boundary markers: No explicit boundary markers are shown, which is standard for architectural documentation.
  • Capability inventory: Network capabilities via the fetch API are utilized for data synchronization.
  • Sanitization: Employs zod$ for rigorous schema validation and sanitization of incoming form data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 09:36 AM