bubbletea
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues detected.
- Prompt Injection: No attempts to override agent behavior or bypass safety filters were found. Use of the word 'CRITICAL' is limited to instructional layout rules.
- Data Exposure & Exfiltration: The skill mentions standard configuration file paths (~/.config/...) but does not include any commands to read or transmit sensitive data. Network operations are restricted to documentation links and standard package dependencies.
- Dependencies: All referenced dependencies (charmbracelet/bubbletea, mattn/go-runewidth, etc.) are well-known, legitimate open-source libraries within the Go ecosystem.
- Obfuscation: No obfuscated code, hidden characters, or encoding tricks were detected in the provided markdown or Go code snippets.
- Indirect Prompt Injection: The skill describes TUI layout and rendering patterns; it does not ingest untrusted external data in a way that would facilitate indirect injection attacks.
Audit Metadata