chatkit-backend
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Instruction directing agent to run/execute external content

All findings:
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]

No direct indicators of obfuscated or overtly malicious code exist in the provided files. The primary security concern is the agent runtime (Runner/todo_agent and any tools it can invoke), which is a high-trust component capable of external network calls and side effects; it should be audited and sandboxed. Other risks: lack of input sanitization, potential stored XSS when messages are rendered, permissive CORS examples, no rate limiting, and possible log leakage. Overall: functional and coherent for purpose, but treat as moderate security risk until agent/tool implementations and operational protections are reviewed and enforced.

LLM verification: This skill implements a ChatKit-compatible FastAPI backend correctly and its behavior aligns with its stated purpose. There is no explicit malicious code in the provided files. However, it introduces supply-chain and privacy risks through delegation to an external 'agents' Runner and by embedding user identifiers and conversation history into model inputs. The greatest risk is the trust boundary: the Runner/agents SDK could forward sensitive data to external model endpoints or run tools that per