threads
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the '@tambo-ai/react' package to provide conversation management capabilities. This is a vendor-owned resource matching the skill author 'tambo-ai' and is used for its intended purpose of platform integration.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through its handling of AI-generated content:
  - Ingestion points: Message content and suggestions are ingested through 'useTambo' and 'useTamboSuggestions' hooks as documented in SKILL.md.
  - Boundary markers: The provided code snippets do not implement specific delimiters or instructions to ignore instructions embedded within the conversation stream.
  - Capability inventory: The skill provides the ability to send network requests via the 'submit' function and render dynamic UI components through 'ComponentRenderer'.
  - Sanitization: No sanitization or validation of AI-provided component props or message content is demonstrated in the implementation examples.