zod
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate technical assistant for the Zod library. No malicious code or suspicious behaviors were found across the provided files. No network operations or sensitive file access patterns were detected outside of documentation references.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to ingest and validate untrusted data using Zod schemas. This is inherent to the skill's purpose as a validation assistant.\n
- Ingestion points: User-provided schemas and data strings parsed via methods like
.parse()or.safeParse()inSKILL.md.\n - Boundary markers: No explicit delimiters or instructions are provided to the agent to prevent the execution of instructions embedded in the data being validated.\n
- Capability inventory: Example code in
references/api.mddemonstrates using validated data for subsequent tasks like database lookups (e.g.,db.getUserById).\n - Sanitization: The skill relies on Zod's schema validation to ensure data matches expected formats, but does not provide specific sanitization for LLM instructions.
Audit Metadata