component-rendering
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No sensitive file access or unauthorized network requests detected. The skill primarily documentation for
@tambo-ai/react. - [Indirect Prompt Injection] (LOW): The skill defines patterns for rendering streamed content from an AI, creating a standard surface for indirect prompt injection via prop streaming. \n
- Ingestion points:
useTamboStreamStatusanduseTamboComponentStatehooks (SKILL.md) ingest external data.\n - Boundary markers: Absent in the provided examples.\n
- Capability inventory: Limited to UI rendering and application state management; no system-level capabilities detected.\n
- Sanitization: Implicitly handled by React's standard DOM escaping.
Audit Metadata