zod
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely educational and provides defensive programming guidelines. It teaches agents and developers how to properly validate external data to prevent common vulnerabilities like SQL Injection and Cross-Site Scripting (XSS).
- [DATA_EXPOSURE]: No hardcoded credentials or sensitive data exposure patterns were found. Examples provided use placeholder strings and standard domain logic.
- [REMOTE_CODE_EXECUTION]: No remote code execution or unauthorized package installation commands were detected. The skill focuses on schema definition and parsing logic within the Zod framework.
- [PROMPT_INJECTION]: The instructions are clear, instructional, and do not contain any attempt to bypass agent safety filters or override system instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill addresses the surface of indirect prompt injection by teaching proper validation of untrusted data (e.g., in
references/schema-string-validations.mdandreferences/parse-never-trust-json.md), serving as a security enhancement rather than a risk factor.
Audit Metadata