building-chat-interfaces
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill identifies and documents patterns for an indirect prompt injection surface by interpolating untrusted external data directly into the agent's context.
- Ingestion points: External data enters the agent context via user-provided messages (
input_user_message.content) inSKILL.mdand webpage metadata (URL, title, description, and headings) extracted via DOM selectors inreferences/chatkit-integration-patterns.md. - Boundary markers: The prompt construction logic in
SKILL.mddoes not utilize delimiters (e.g., XML tags) or explicit instructions for the agent to ignore potentially malicious embedded commands within the ingested data. - Capability inventory: The documented backend patterns include support for tool execution (
tools=[your_search_tool]) and MCP tool authentication, providing a potential path for exploitation if an injection occurs. - Sanitization: The provided code snippets do not include logic for sanitizing or validating external content before it is processed by the LLM.
- [EXTERNAL_DOWNLOADS]: The skill references an external JavaScript bundle from
cdn.platform.openai.comfor loading the ChatKit web component. This reference targets a well-known technology provider and is part of the standard deployment strategy for the featured library.
Audit Metadata