route-handler-design

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill provides instructions for building public API endpoints (Route Handlers) that ingest untrusted user input from HTTP requests, creating an indirect prompt injection surface.
  • Ingestion points: Data enters the application context via standard methods like request.json, request.formData, and request.text as documented in SKILL.md.
  • Boundary markers: Includes explicit instructions stating every Route Handler is a public surface and requires authentication and authorization.
  • Capability inventory: Illustrated examples show handlers performing database operations and enqueuing tasks.
  • Sanitization: Recommends using schema validation (e.g., Schema.safeParse) to validate and sanitize input before processing.
  • [EXTERNAL_DOWNLOADS]: Mentions well-known and trusted services, such as Stripe and Vercel, for handling webhooks and geolocation functionality. These references are neutral and consistent with the skill's purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 07:51 AM
Security Audit — agent-trust-hub — route-handler-design