streaming-llm-responses
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected. The skill contains architectural templates and benign verification logic.
- [Indirect Prompt Injection] (LOW): The skill implements patterns for handling untrusted data (user input) which then influences UI state (Client Effects) and reads client state (Client Tools). While this creates an attack surface common to all interactive AI agents, the implementation uses explicit, whitelisted event names (e.g.,
update_status,pan_to) rather than arbitrary code execution on the client. - Ingestion points:
respondmethod in Python backend processes user messages (item.content). - Boundary markers: Not explicitly defined in snippets; assumes the underlying
useChatKitlibrary manages message framing. - Capability inventory: UI manipulation (map markers, notifications, status updates) and state retrieval (form values, viewport bounds).
- Sanitization: The patterns use structured data handlers (switch statements) which mitigate many injection risks, though actual data validation (e.g., sanitizing
data.messagebefore display) is left to the user implementation. - [External Downloads] (LOW): References the
@openai/chatkit-reactpackage. Per [TRUST-SCOPE-RULE], OpenAI is a trusted organization, and the dependency is appropriate for the skill's stated purpose.
Audit Metadata