ai-chatbot-builder

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): Insecure prompt interpolation in app/api/chat/route.ts. The code takes the messages array directly from the user's request and spreads it into the OpenAI API call without validation or filtering. An attacker can craft payloads to impersonate roles or override the system prompt instructions.
    Evidence Chain for Category 8 (Indirect Prompt Injection):
    • Ingestion points: The POST request body is parsed via req.json() in app/api/chat/route.ts.
    • Boundary markers: Absent; the hardcoded system message is followed immediately by the unescaped client history.
    • Capability inventory: LLM streaming chat response generation.
    • Sanitization: Absent; no role validation or content filtering is applied to the incoming messages array.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill documentation refers to standard dependencies like openai, ai (Vercel AI SDK), and langchain. While these are from trusted sources, they represent external dependencies.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:07 AM