better-chatbot
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access behaviors were detected. The skill instructions and reference materials promote secure development practices, such as mandatory authentication checks, input validation using Zod, and functional error handling with a safe() wrapper.
- [INDIRECT_PROMPT_INJECTION]: The skill describes an architecture that processes data from external sources via a three-tier tool system (MCP, Workflows, and Default Tools). Ingestion points include API route handlers (e.g., src/app/api/chat/route.ts) that process tool outputs. The skill mitigates potential risks by emphasizing strict schema validation and defensive coding patterns.
- [DYNAMIC_EXECUTION]: The technical documentation mentions built-in support for JavaScript and Python execution as part of the project's standard toolset (Tier 3 Default Tools). This is presented as a core feature for data analysis and visualization within the chatbot platform.