solid-impl-solidstart

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides documentation and code patterns for the SolidStart web framework. It identifies current API standards (query, createAsync, action) and warns against deprecated 0.x patterns, ensuring the agent generates modern and compatible code.
  • [PROMPT_INJECTION]: The skill identifies surfaces for indirect prompt injection (Category 8) common in full-stack web development.
  • Ingestion points: Technical patterns for handling untrusted data from formData, route params, and API request bodies are detailed in SKILL.md and references/examples.md.
  • Boundary markers: Examples include standard SolidJS <Suspense> and <ErrorBoundary> components for managing asynchronous state and failure modes.
  • Capability inventory: Full server-side execution capability is documented via the "use server" directive and API route handlers in src/routes/api/.
  • Sanitization: A code example in references/examples.md uses innerHTML for rendering blog content. While standard for CMS implementations, it is noted as an XSS surface area requiring proper input sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:08 AM
Security Audit — agent-trust-hub — solid-impl-solidstart