LLM
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The script imports and relies on z-ai-web-dev-sdk (scripts/chat.ts). This package is not from a trusted source or organization defined in the security policy. While its use is central to the skill's purpose, the internal behavior of this dependency is unverified.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
- Ingestion points: The prompt argument in the main function is passed directly into the message history (scripts/chat.ts).
- Boundary markers: Absent. There are no delimiters or instructions to the LLM to ignore embedded commands within the user input.
- Capability inventory: The skill uses an external SDK for completions and logs results to the console (scripts/chat.ts).
- Sanitization: Absent. No filtering or escaping is applied to the input before it is sent to the AI model.
Audit Metadata