chatkit-frontend
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The documentation references the installation of `@openai/chatkit-react`. As this package belongs to a trusted organization (OpenAI), the dependency is considered low-risk.
- CREDENTIALS_UNSAFE (SAFE): The examples demonstrate using `process.env` for API keys and a secure callback pattern (`getClientSecret`) for session management. No hardcoded secrets or sensitive tokens were found in the reference material.
- INDIRECT_PROMPT_INJECTION (LOW): The library exposes event handlers like `onClientTool` and `onMessage` which process data from a backend.
  - Ingestion points: Data enters through the `api` configuration and Server-Sent Events (SSE).
  - Boundary markers: None explicitly defined in the UI reference.
  - Capability inventory: The library handles client-side UI rendering and basic routing (`router.push`).
  - Sanitization: Standard React rendering provides protection against XSS, and the documented patterns do not involve high-privilege system operations.
- DATA_EXFILTRATION (SAFE): Network communication is restricted to the user-configured API backend and official OpenAI documentation links.
Audit Metadata