start-core
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill set is a developer documentation resource for the TanStack Start framework, focusing on correct architectural patterns and security boundaries.
- [DATA_EXFILTRATION]: Provides proactive guidance on preventing secret leakage by explaining the isomorphic execution model. It correctly distinguishes between client-safe environment variables (VITE_ prefix) and server-only secrets (process.env inside server functions).
- [EXTERNAL_DOWNLOADS]: Recommends installing standard, well-known packages and plugins from trusted organizations such as TanStack, Cloudflare, and Netlify. These are reputable sources within the web development ecosystem.
- [COMMAND_EXECUTION]: Includes standard terminal commands for package management (npm, pnpm) and project deployment using official CLI tools (Wrangler, Netlify). These operations are routine for the skill's stated purpose of project setup and hosting.
- [INDIRECT_PROMPT_INJECTION]: Addresses application-level injection risks by documenting the use of input validation (Zod) and emphasizing that client-sent context must be validated on the server before use in sensitive operations like database queries.
Audit Metadata