integrate-zod-env

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file references/.env.example.template contains example environment variables with placeholder secrets (e.g., BETTER_AUTH_SECRET=your-secret-key-here). These are standard documentation practices and do not constitute a leak of sensitive production data.\n- [PROMPT_INJECTION]: The skill is designed to ingest and process user-provided .env.example files to generate validation code. This is the primary function of the skill; however, it represents a potential surface for indirect prompt injection if the source data is compromised.\n
  • Ingestion points: Content from user-provided .env.example files.\n
  • Boundary markers: The skill does not define specific delimiters for isolating ingested data during the generation process.\n
  • Capability inventory: The skill generates TypeScript code files but does not execute them or perform network requests.\n
  • Sanitization: No sanitization is performed on the input file content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 11:55 AM
Security Audit — agent-trust-hub — integrate-zod-env