route-handler-design
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill provides instructions for building public API endpoints (Route Handlers) that ingest untrusted user input from HTTP requests, creating an indirect prompt injection surface.
- Ingestion points: Data enters the application context via standard methods like
request.json,request.formData, andrequest.textas documented inSKILL.md. - Boundary markers: Includes explicit instructions stating every Route Handler is a public surface and requires authentication and authorization.
- Capability inventory: Illustrated examples show handlers performing database operations and enqueuing tasks.
- Sanitization: Recommends using schema validation (e.g.,
Schema.safeParse) to validate and sanitize input before processing. - [EXTERNAL_DOWNLOADS]: Mentions well-known and trusted services, such as Stripe and Vercel, for handling webhooks and geolocation functionality. These references are neutral and consistent with the skill's purpose.
Audit Metadata