zod-validation-patterns
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes a file named 'skill-report.json' that provides a pre-authored 'safe' verdict and security summary. This content explicitly targets security analyzers to bypass or influence their findings, which is a known self-referential indirect injection pattern (Category 8e).
- [PROMPT_INJECTION]: The documentation contains deceptive metadata, including a future update date (November 2025) and a citation for Zod version 4.1.12, which does not currently exist. This qualifies as metadata poisoning intended to mislead users or systems about the skill's currency and provenance.
- [PROMPT_INJECTION]: Indirect prompt injection attack surface evaluation: * Ingestion points: 'skill-report.json' and various markdown files. * Boundary markers: None present. * Capability inventory: The skill consists of static documentation; it lacks tools or scripts capable of performing shell execution, network exfiltration, or persistence. * Sanitization: Not applicable for read-only documentation content.
Audit Metadata