ai-sdk-ui

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (XSS). The skill contains documentation and commented-out code segments (in references/streaming-patterns.md and templates/custom-message-renderer.tsx) that suggest using 'dangerouslySetInnerHTML' to render content directly from the AI.
      • Ingestion points: AI message content processed by the useChat hook and history loaded from localStorage (in templates/message-persistence.tsx).
      • Boundary markers: No explicit delimiters or instruction-ignoring warnings are present in the rendering logic.
      • Capability inventory: Browser-side DOM manipulation and script execution.
      • Sanitization: The provided patterns do not include HTML sanitization (e.g., DOMPurify), making the resulting UI vulnerable to XSS if an attacker performs indirect prompt injection through external data sources.
  • [EXTERNAL_DOWNLOADS] (SAFE): The utility script scripts/check-versions.sh uses npm view to fetch version information. This is a standard development tool and does not constitute a remote code execution risk in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:54 PM