cometchat-native-production
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructs developers on transitioning from development-mode authentication (using static Auth Keys) to production-ready authentication (using server-minted tokens), which is a core security best practice.
- [SAFE]: The content explicitly warns against including the REST_API_KEY in client-side bundles, React Native environment variables, or committed files, providing a clear security checklist for developers to follow.
- [SAFE]: Code examples for various backend environments (Express, Hono, Firebase, Vercel) demonstrate secure UID derivation from authenticated sessions rather than trusting client-side input.
- [SAFE]: All external references and API calls target official CometChat domains or well-known, trusted service providers like Firebase, Supabase, Clerk, and Auth0.
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, or unauthorized data exfiltration were detected.
Audit Metadata