chatkit-actions

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface via entity tagging (@mentions) as described in references/entity-tagging.md.
      • Ingestion points: User-provided text containing @mentions and search queries processed by the onTagSearch hook.
      • Boundary markers: Entities are converted into XML-like markers (e.g., <ARTICLE_REFERENCE id='...'>) before being sent to the agent.
      • Capability inventory: The backend action() handler in references/server-action-handler.py allows data mutation (e.g., database updates) and UI state manipulation based on user interactions with widgets.
      • Sanitization: While the Jinja templates use the tojson filter, the entity conversion logic does not explicitly escape entity titles within the XML markers.
  • [COMMAND_EXECUTION]: The skill uses dynamic template rendering to generate UI widgets at runtime.
      • SKILL.md and references/widget-templates.md describe a pattern in which WidgetTemplate.from_file executes Jinja2 templates on variable data to produce JSON UI definitions. This represents dynamic execution of template-based logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 07:14 PM