assistant-ui
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of Markdown documentation. No executable scripts, system commands, or configuration files were found across the provided files.
- [Indirect Prompt Injection] (SAFE): The library described in the documentation is designed to process untrusted data (AI responses, user messages, and tool outputs), which is an inherent attack surface for chat interfaces.
- Ingestion points: File references/architecture.md defines the ThreadMessage data structure which ingests text, images, and tool results.
- Boundary markers: Not explicitly defined in this architectural overview.
- Capability inventory: File references/packages.md lists support for markdown rendering and tool call handling.
- Sanitization: The documentation mentions the safe-content-frame package specifically for sandboxed iframe content, indicating a focus on security for rendered content.