streamdown
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of documentation and implementation examples for a React library. It does not contain any executable scripts, sensitive data, or malicious patterns.
- [PROMPT_INJECTION]: The skill provides patterns for rendering AI-generated content, which is a common ingestion point for untrusted data. However, it includes safety mechanisms such as the 'linkSafety' configuration for external link confirmation and recommended sanitization practices (e.g., using rel='noopener noreferrer' and target='_blank' for external links). No attempts to bypass safety filters or override agent behavior were found.
- [EXTERNAL_DOWNLOADS]: The skill references standard open-source dependencies such as shiki, mermaid, and katex, along with vendor-specific packages like @streamdown/code. These are documented for installation via standard package managers and do not involve suspicious remote script execution or unverifiable sources.
Audit Metadata