copilotkit-nextjs-integration

Fail

Audited by Socket on Feb 17, 2026

2 alerts found:

Security, Malware

Security: MEDIUM
typescript/skill.md

[Skill Scanner] Download or install from free hosting/deployment platform detected

BENIGN: The skill/documentation appears coherent with its stated purpose for CopilotKit TypeScript integration. Data flows rely on standard server-side environment variables and internal API calls, with no evident credential harvesting or data exfiltration patterns. A minor caution is warranted about non-null assertions for environment variables to ensure proper deployment configuration.

LLM verification: This SKILL.md fragment appears to be documentation/example code for integrating CopilotKit into a TypeScript/Next.js app. I found no direct malicious code, obfuscation, hidden payloads, hard-coded secrets, or suspicious network endpoints in the provided text. The primary security considerations are standard for LLM integrations: protecting the OPENAI_API_KEY, ensuring the runtime/adapter packages are trustworthy, and being aware that action parameters and component state are forwarded to the run

Confidence: 75%
Severity: 75%

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill's functionality is plausible and consistent with its stated purpose, but it contains high-risk data flows by design: it serializes and forwards application state, conversation history, and potentially browser credentials to a configurable Copilot Runtime and arbitrary LLM endpoints. There is no enforced allow-listing or sanitization in the provided examples, and custom adapters can post to any URL; combined with client-side credentials='include' and Authorization header examples, this creates a strong potential for accidental credential or data exfiltration if integrated incorrectly. I find no evidence of covert malicious code, obfuscation, or built-in credential harvesting; the risks are architectural and misuse-driven.

Recommendation: treat the runtime and adapters as fully trusted components, enforce server-side validation of actions, never send sensitive tokens or cookies to untrusted runtimes, and add allow-lists and sanitization in production deployments.

LLM verification: No direct malware or obfuscated malicious code found in the provided documentation fragment. However, the integration pattern enables high-risk behaviors: forwarding Authorization tokens and cookies to arbitrary runtime endpoints and exposing arbitrary app state and action handlers to the runtime/LLM. These capabilities are legitimate for agentic UIs but pose significant risk if runtimeUrl is untrusted or if developers expose sensitive state or credentials. Recommend treating this as a high-risk

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 17, 2026, 09:04 PM
Package URL: pkg:socket/skills-sh/raphaelmansuy%2Fedgequake%2Fcopilotkit-nextjs-integration%2F@85b2cbda0c1f3f4584ff79b26a785b90966ac44e