Skills
skills/salvo-rs/salvo-skills/salvo-csrf/Gen Agent Trust Hub

salvo-csrf

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a code example vulnerable to indirect injection (XSS). \n- Ingestion points: User-supplied form data is parsed via req.parse_form::<FormData>() in SKILL.md. \n- Boundary markers: No input validation or boundary markers are present in the provided example. \n- Capability inventory: The example demonstrates outputting data to the client using res.render. \n- Sanitization: The example reflects the message field directly into the HTML response without any sanitization or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 06:50 AM