building-chat-interfaces
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[CRITICAL] prompt_injection: Detected system prompt override attempt (PI004) [AITech 1.1]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

Overall this skill appears functionally consistent with its stated purpose, but it contains potentially dangerous guidance: the MCP pattern that instructs embedding access tokens and user IDs directly into system prompts is a high-risk anti-pattern (credential leakage to LLMs/tools). Additionally, the examples inject page content and user info into request metadata and prompts without recommending redaction, consent, or limiting persistence — this creates privacy and exfiltration risk. There is no evidence of intentionally malicious code, but the documentation promotes insecure practices that could lead to credential or data leakage if followed. Recommend removing the instruction to place raw credentials in prompts, adding explicit redaction/sanitization guidance, and ensuring JWKS and API endpoints are validated.

LLM verification: The code and documentation appear to be non-malicious example patterns for building chat interfaces with context injection, auth, persistence, and streaming agents. Primary risks are privacy exposure (client-side injection of page content and user info), supply-chain exposure from unpinned dependencies, and potential mis-implementation of JWT/JWKS verification. No direct malware indicators were found in the provided fragments, but developers should restrict and sanitize metadata sent from the cl