streamdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines patterns for rendering untrusted AI output which can be manipulated to include malicious HTML or instructions.
  - Ingestion points: Markdown strings are passed to the `children` prop of the `Streamdown` component as shown in the chat example in `SKILL.md`.
  - Boundary markers: None explicitly shown in basic examples, though the library integrates with AI SDK message parts.
  - Capability inventory: The library renders HTML (via `rehype-raw`), displays Mermaid diagrams, and highlights code using Shiki.
  - Sanitization: The skill specifically includes a 'Security Configuration' section detailing the use of `rehype-harden` to restrict URL protocols and block data images, which significantly reduces the risk of XSS and redirection attacks.
- [External Downloads] (SAFE): Installation instructions involve standard npm/pnpm package management for 'streamdown' and 'ai-elements'. These are reputable libraries within the Vercel/AI-SDK ecosystem and do not constitute a malicious execution risk in this context.
Audit Metadata