solid-impl-solidstart
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides documentation and code patterns for the SolidStart web framework. It identifies current API standards (query, createAsync, action) and warns against deprecated 0.x patterns, ensuring the agent generates modern and compatible code.
- [PROMPT_INJECTION]: The skill identifies surfaces for indirect prompt injection (Category 8) common in full-stack web development.
- Ingestion points: Technical patterns for handling untrusted data from
formData, routeparams, and API request bodies are detailed inSKILL.mdandreferences/examples.md. - Boundary markers: Examples include standard SolidJS
<Suspense>and<ErrorBoundary>components for managing asynchronous state and failure modes. - Capability inventory: Full server-side execution capability is documented via the
"use server"directive and API route handlers insrc/routes/api/. - Sanitization: A code example in
references/examples.mdusesinnerHTMLfor rendering blog content. While standard for CMS implementations, it is noted as an XSS surface area requiring proper input sanitization.
Audit Metadata