building-ai-chat

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The file examples/tool-calling-chat.tsx implements a calculate tool that passes its expression argument to the JavaScript eval() function. Because that argument is produced by the model from user input, a prompt can steer the model into emitting JavaScript instead of arithmetic, and eval() executes it with full privileges in the user's browser context.
  • COMMAND_EXECUTION (HIGH): The same eval() call is an injection sink. A malicious prompt, including one carried inside uploaded content, could deceive the model into producing a tool call whose expression contains executable code instead of a simple mathematical expression; the tool never checks that the string is arithmetic before evaluating it.
  • DATA_EXFILTRATION (LOW): In references/multi-modal.md, the transcribeAudio function sends data to api.openai.com. This domain is not on the audit's trusted allowlist, and while the data being sent is expected (audio), it is a network operation to an external target with no explicit egress boundary control such as a host allowlist.
  • Indirect Prompt Injection (LOW): The skill provides code patterns for processing untrusted external data (images and files) in examples/multimodal-chat.tsx and references/multi-modal.md.
    • Ingestion points: the handleImageUpload handler and the FileInput component.
    • Boundary markers: none are implemented in the provided prompt templates or code snippets, so file-derived content reaches the model with the same standing as the user's own message.
    • Capability inventory: fetch() for network requests and FileReader for data ingestion.
    • Sanitization: only basic MIME type validation is performed; nothing marks or filters the content itself, so instructions embedded in an image or document are not distinguished from user intent.
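The pattern behind the first two findings, beside a hardened replacement, as an added TypeScript example that is neither the audited skill's code nor part of the audit (examples/tool-calling-chat.tsx is not reproduced here). calculateUnsafe shows why eval() on a model-supplied string is remote code execution; calculateSafe replaces it with a recursive-descent evaluator that accepts only decimal numbers, the four arithmetic operators, unary minus and parentheses; runCalculateTool validates the tool-call argument before evaluating; and isAllowedEgress is the host allowlist check the DATA_EXFILTRATION finding asks for. The function names, the argument shape { expression: string } and the allowlist contents are assumptions.

```typescript
// Vulnerable shape described by the audit (assumed reconstruction, not the skill's file):
// the model chooses `expression`, so whatever it emits runs as JavaScript.
function calculateUnsafe(expression: string): unknown {
  // eslint-disable-next-line no-eval
  return eval(expression);
}

// Hardened replacement: a grammar-limited evaluator. Anything that is not
// number | ( expr ) | -factor | factor (* | /) factor | term (+ | -) term is rejected.
function calculateSafe(expression: string): number {
  const src = expression.replace(/\s+/g, "");
  if (src.length === 0 || src.length > 200) throw new Error("empty or oversized expression");
  // Character allowlist first: letters, quotes, brackets, commas etc. never reach the parser.
  if (!/^[0-9+\-*\/().]+$/.test(src)) throw new Error("illegal character in expression");

  let pos = 0;
  const peek = (): string | undefined => src[pos];

  function parseNumber(): number {
    const m = /^\d+(\.\d+)?/.exec(src.slice(pos));
    if (!m) throw new Error(`expected number at ${pos}`);
    pos += m[0].length;
    return Number(m[0]);
  }
  function parseFactor(): number {
    if (peek() === "-") { pos++; return -parseFactor(); }
    if (peek() === "(") {
      pos++;
      const v = parseExpr();
      if (peek() !== ")") throw new Error(`expected ')' at ${pos}`);
      pos++;
      return v;
    }
    return parseNumber();
  }
  function parseTerm(): number {
    let v = parseFactor();
    while (peek() === "*" || peek() === "/") {
      const op = src[pos++];
      const rhs = parseFactor();
      if (op === "/" && rhs === 0) throw new Error("division by zero");
      v = op === "*" ? v * rhs : v / rhs;
    }
    return v;
  }
  function parseExpr(): number {
    let v = parseTerm();
    while (peek() === "+" || peek() === "-") {
      const op = src[pos++];
      const rhs = parseTerm();
      v = op === "+" ? v + rhs : v - rhs;
    }
    return v;
  }

  const result = parseExpr();
  if (pos !== src.length) throw new Error(`unexpected input at ${pos}`);
  if (!Number.isFinite(result)) throw new Error("non-finite result");
  return result;
}

// Tool-call boundary: the model's JSON arguments are untrusted, so validate shape
// and turn evaluator errors into a tool error the model can see, never an exception.
type ToolResult = { ok: true; value: number } | { ok: false; error: string };
function runCalculateTool(args: unknown): ToolResult {
  if (typeof args !== "object" || args === null || typeof (args as { expression?: unknown }).expression !== "string") {
    return { ok: false, error: "expression must be a string" };
  }
  try {
    return { ok: true, value: calculateSafe((args as { expression: string }).expression) };
  } catch (e) {
    return { ok: false, error: e instanceof Error ? e.message : String(e) };
  }
}

// Egress boundary for the multi-modal helpers: only https to an explicitly allowed host.
// The allowlist contents are an assumption; populate it with the hosts your deployment trusts.
function isAllowedEgress(url: string, allowedHosts: Set<string>): boolean {
  let u: URL;
  try { u = new URL(url); } catch { return false; }
  return u.protocol === "https:" && allowedHosts.has(u.hostname);
}
```

Usage: route every calculate tool call through runCalculateTool({ expression }) and gate transcribeAudio's request with isAllowedEgress(url, allowedHosts) before calling fetch(). The evaluator rejects the injected string at the character allowlist, so the parser itself never sees identifiers, quotes or brackets.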
Recommendations
  • AI detected serious security threats.
  • Replace the eval() call in the calculate tool with a restricted arithmetic evaluator that accepts only numbers, operators and parentheses, and validate the tool-call argument before evaluating it.
  • Route outbound requests such as transcribeAudio through an explicit host allowlist so that network egress is a declared boundary rather than an implicit capability.
  • Wrap content derived from uploaded images and files in boundary markers in the prompt templates and instruct the model to treat it as data, not as instructions.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:11 PM