gpui-component
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions were found that attempt to override the AI agent's behavior, bypass safety filters, or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive file paths (e.g., SSH keys, AWS credentials) or perform unauthorized network operations.
- [Obfuscation] (SAFE): No encoded content (Base64), zero-width characters, homoglyphs, or other obfuscation techniques were detected in the documentation or code snippets.
- [Unverifiable Dependencies & RCE] (SAFE): No remote scripts are downloaded or executed. The skill contains Rust code examples but does not include any mechanism for runtime execution of external code.
- [Privilege Escalation] (SAFE): The skill does not utilize commands that acquire elevated permissions (e.g., sudo, chmod 777).
- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles, cron jobs, or registry keys for persistence were found.
- [Metadata Poisoning] (SAFE): Metadata fields like author and version are legitimate and do not contain hidden malicious directives.
- [Indirect Prompt Injection] (SAFE): The skill is a static reference library; it does not ingest or process untrusted external data from APIs or web pages.
- [Time-Delayed / Conditional Attacks] (SAFE): No behavior is gated by date, time, or specific environmental conditions.
- [Dynamic Execution] (SAFE): There is no usage of unsafe dynamic evaluation (e.g., eval, exec) or runtime compilation techniques.
Audit Metadata