gpui-components
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were found.
- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive file paths (e.g., credentials, SSH keys) or perform network operations to non-whitelisted domains. No hardcoded secrets were identified.
- Obfuscation (SAFE): All content is provided in clear text. No Base64, zero-width characters, homoglyphs, or encoded commands were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard Rust crates (
gpui,gpui-component). It does not contain patterns for downloading and piping remote scripts to a shell or executing arbitrary code from untrusted sources. - Privilege Escalation & Persistence (SAFE): No commands for acquiring administrative privileges (
sudo) or establishing persistence (e.g., crontab, shell profiles) were found. - Indirect Prompt Injection (SAFE): The skill provides templates for UI components that handle user input, such as autocomplete providers. These are standard implementation patterns and do not create an exploitable surface for the agent's internal logic.
Audit Metadata