tanstack-router

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing industry-standard packages from the TanStack organization (@tanstack/react-router, @tanstack/router-vite-plugin, and @tanstack/router-devtools). These are well-known and trusted resources within the software development community.
  • [COMMAND_EXECUTION]: Includes standard npm installation commands for setting up the router and its corresponding build-tool plugin.
  • [DATA_EXFILTRATION]: Provides examples of data fetching using the native fetch API to relative internal paths (e.g., /api/posts/). No evidence of unauthorized data transmission to external or untrusted domains was found.
  • [PROMPT_INJECTION]: The skill addresses potential indirect prompt injection surfaces by demonstrating best practices for sanitizing user-controlled input:
      • Ingestion points: URL path parameters (postId) and search parameters (page, filter, search) in routes/posts/index.tsx.
      • Boundary markers: Not explicitly required for this implementation type.
      • Capability inventory: Data fetching (fetch) and programmatic navigation (navigate/redirect) in various components.
      • Sanitization: Explicitly uses Zod schemas (postsSearchSchema) to validate and sanitize search parameters, which effectively mitigates common injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 11:09 AM