copilotkit-nextjs-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill facilitates an 'agentic UI' where the LLM reads application state and triggers tools. This architectural pattern is susceptible to indirect prompt injection if untrusted data is included in the shared state.
- Ingestion points: useCopilotReadable hooks in typescript/patterns/state-sharing.md pass application data to the LLM.
- Boundary markers: UI components like CopilotPopup use an instructions prop for system prompts, but the examples lack explicit delimiters for user-provided data.
- Capability inventory: useCopilotAction allows the LLM to execute functions, such as updating state or making API calls via fetch.
- Sanitization: The patterns do not include explicit sanitization of shared state to prevent embedded instructions from influencing the model.
Audit Metadata