cometchat-react-reactjs
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches component templates and styles from the official CometChat GitHub repository.
- [REMOTE_CODE_EXECUTION]: Executes the vendor's official CLI tool (@cometchat/skills-cli) via npx to handle project scaffolding and dependency installation.
- [COMMAND_EXECUTION]: Uses shell commands to perform project detection, file system operations for state management, and package installation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external sources.
- Ingestion points: Shell output from the CometChat CLI and code content fetched via curl from GitHub (SKILL.md).
- Boundary markers: CLI interactions often use JSON for structured data exchange, reducing interpretation ambiguity.
- Capability inventory: The skill uses executeBash, readFile, fileSearch, and listDirectory tools.
- Sanitization: No explicit sanitization or delimiters are specified for content fetched from the remote repository.
Audit Metadata