build-with-tambo
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `npm install` and `npx tambo` for project initialization and component management. These commands are used to install the vendor's own packages (@tambo-ai/react) and execute the vendor's CLI tool.
- [EXTERNAL_DOWNLOADS]: The CLI fetches component source code and configuration templates from vendor-managed domains (ui.tambo.co and console.tambo.co), which is the intended behavior for this developer tool.
- [DATA_EXFILTRATION]: The skill handles a vendor-specific API key for authentication and environment variable setup. No patterns of unauthorized credential exposure or data exfiltration to non-vendor domains were detected.
- [PROMPT_INJECTION]: No instructions aimed at overriding AI behavior, bypassing safety guidelines, or extracting system prompts were found in the provided files.
Audit Metadata