chatbot-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a privacy-first approach to analytics by focusing on conversation metadata (message counts, token usage, durations) rather than content processing.
- [DATA_EXPOSURE]: The implementation patterns include an explicit prohibited list for sensitive data such as 'messageContent', 'userQuery', and 'aiResponse' to prevent accidental exposure of PHI.
- [COMMAND_EXECUTION]: Although the skill defines permissions for Bash and npm/npx tools, the provided code consists of safe TypeScript implementation patterns and SQL schema definitions for data persistence without dangerous command execution.
- [EXTERNAL_DOWNLOADS]: The skill includes references to well-known industry blogs (Hiver, Botpress, Tidio) for educational purposes regarding chatbot metrics. These are informative resources and do not involve executable code downloads.
- [DYNAMIC_EXECUTION]: Database interactions utilize tagged template literals for SQL queries, which is a standard practice for preventing SQL injection by ensuring parameters are properly escaped.
Audit Metadata