live-chat-commerce
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to guide the implementation of customer service chat tools. The provided TypeScript code snippets for custom implementations follow industry best practices, such as using WebSockets for real-time communication and implementing stateless server-side lookups for order information.
- [DATA_EXPOSURE]: The skill accesses commerce-related data (customer carts, order history, and profiles) which is appropriate for its stated purpose as a CRM and commerce tool. No access to sensitive system files, environment variables, or hardcoded credentials was found.
- [COMMAND_EXECUTION]: The skill does not contain any patterns for executing arbitrary system commands or spawning unauthorized subprocesses. The logic is restricted to database interactions and WebSocket message handling.
- [EXTERNAL_DOWNLOADS]: The skill references standard e-commerce platforms (Shopify, WooCommerce, BigCommerce) and established third-party services (Tidio, Gorgias, LiveChat). It suggests using the well-known 'ws' package for custom WebSocket servers, which is a standard industry dependency.
- [PROMPT_INJECTION]: No evidence of prompt injection attempts, safety filter bypasses, or instructions to ignore system guidelines was detected in the skill's instructions or metadata.
Audit Metadata