validated-handler
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides code templates and architectural patterns for building robust API routes in Next.js.
- [DATA_EXPOSURE]: The implementation of
validatedHandlerincludes a catch-all error handler that logs detailed errors toconsole.errorfor server-side debugging while returning a generic 'Internal server error' to the client, preventing sensitive stack trace exposure. - [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found in the instructions or code examples.
- [INDIRECT_PROMPT_INJECTION]: The skill addresses potential data poisoning and injection attacks by providing a structured validation layer (Zod).
- Ingestion points: API handlers ingest untrusted data via
request.json()(POST/PUT/PATCH) andrequest.urlsearch parameters (GET). - Boundary markers: Zod schemas act as strict boundary markers, ensuring data conforms to expected types and constraints before processing.
- Capability inventory: Examples demonstrate database operations using Drizzle ORM (
db.query,db.insert,db.update), which provides built-in protection against SQL injection. - Sanitization: Validation occurs at the entry point via
schema.safeParse, effectively sanitizing input before it reaches business logic.
Audit Metadata