chat-widget
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structural guidance for developing a standard chat application. It includes proper security practices such as authorization checks for WebSocket subscriptions and database transactions.
- [PROMPT_INJECTION]: No malicious instructions, bypass attempts, or behavioral overrides were found in the skill content or metadata.
- [DATA_EXFILTRATION]: The skill does not contain instructions to access sensitive files (like SSH keys or credentials) or exfiltrate data to unauthorized domains. Data handling is limited to the application's own database and specified third-party services.
- [COMMAND_EXECUTION]: There are no patterns of arbitrary command execution, system-level calls, or shell script injection. The code provided is application-level logic for messaging and UI state.
- [EXTERNAL_DOWNLOADS]: The skill references well-known industry services for real-time data (Pusher, Ably) and transactional email (Postmark, SendGrid, AWS SES). These references are informational and point to trusted or well-known service providers.
Audit Metadata