fullstack-modern
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions and documentation are purely technical and do not contain any instructions attempting to override agent behavior, bypass safety filters, or extract system prompts.
- [CREDENTIALS_UNSAFE]: The snippets include example environment variables such as
API_SECRET_KEY=sk_live_xxxxx. These are clearly identified as placeholders in a documentation context and do not expose actual secrets. - [EXTERNAL_DOWNLOADS]: No unauthorized external downloads or remote scripts are triggered. The snippets reference well-known, legitimate libraries like
@tanstack/react-query,zod, andnext. - [COMMAND_EXECUTION]: The provided code focuses on application-level logic (API routes, UI components) and does not involve the execution of shell commands, subprocess spawning, or system-level configuration changes.
- [DATA_EXFILTRATION]: Network operations described (fetch, GraphQL, WebSockets) are standard for fullstack applications and use placeholder domains (example.com). There is no logic present that reads sensitive system files for exfiltration.
- [SAFE]: The skill demonstrates defensive coding practices, such as using Zod for build-time environment variable validation and implementing token checks for preview modes.
Audit Metadata