Skills
skills/agents-inc/skills/web-routing-react-router/Gen Agent Trust Hub

web-routing-react-router

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external API endpoints via route loaders and actions, which is subsequently rendered in the UI (e.g., using useLoaderData in examples/data-loading.md). This creates an attack surface for indirect prompt injection if the API content is attacker-controlled.
  • Ingestion points: The skill utilizes useLoaderData, useActionData, useSearchParams, and useOutletContext to ingest external or user-controlled data into the agent's rendering context (documented in SKILL.md and all example files).
  • Boundary markers: No delimiters or specific instructions to ignore embedded prompts are present in the provided code examples.
  • Capability inventory: The skill is configured to perform network requests via fetch and manage application navigation via redirect, useNavigate, and Link.
  • Sanitization: The examples do not demonstrate explicit validation or sanitization of the fetched data before it is rendered to the components.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 01:32 AM