validated-handler

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill provides code templates and architectural patterns for building robust API routes in Next.js.
  • [DATA_EXPOSURE]: The implementation of validatedHandler includes a catch-all error handler that logs detailed errors to console.error for server-side debugging while returning a generic 'Internal server error' to the client, preventing sensitive stack trace exposure.
  • [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found in the instructions or code examples.
  • [INDIRECT_PROMPT_INJECTION]: The skill addresses potential data poisoning and injection attacks by providing a structured validation layer (Zod).
  • Ingestion points: API handlers ingest untrusted data via request.json() (POST/PUT/PATCH) and request.url search parameters (GET).
  • Boundary markers: Zod schemas act as strict boundary markers, ensuring data conforms to expected types and constraints before processing.
  • Capability inventory: Examples demonstrate database operations using Drizzle ORM (db.query, db.insert, db.update), which provides built-in protection against SQL injection.
  • Sanitization: Validation occurs at the entry point via schema.safeParse, effectively sanitizing input before it reaches business logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:20 PM
Security Audit — agent-trust-hub — validated-handler