chatkit-js

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill utilizes @openai/chatkit-react. This package is associated with a trusted organization (OpenAI) and its use is consistent with the skill's primary purpose of providing a chat interface.
  • [DATA_EXPOSURE] (SAFE): Authentication is handled using session tokens via standard Authorization Bearer headers. API endpoints and domain keys are managed through environment variables (NEXT_PUBLIC_CHAT_API_URL, NEXT_PUBLIC_OPENAI_DOMAIN_KEY), which is a recommended practice.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The chat interface is an inherent surface for indirect prompt injection via the data it processes (AI responses). However, this is a standard risk for chat applications and is mitigated by the underlying LLM's safety guardrails rather than the UI code itself.
  • [COMMAND_EXECUTION] (SAFE): No arbitrary command execution or shell spawning patterns were detected in the provided TypeScript files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:13 PM