streamdown
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- Markdown Content Processing: The skill is designed to render untrusted data from AI responses. It addresses potential security risks by including rehype-sanitize and rehype-harden in its default rendering pipeline to prevent cross-site scripting (XSS) and restrict unsafe protocols.
- Link Safety Features: A confirmation modal is enabled by default for external links. This security layer ensures that users must explicitly confirm navigation to URLs generated by the AI, which helps mitigate risks associated with malicious links.
- External Asset Configuration: The component allows for an optional cdnUrl (defaulting to https://streamdown.ai/cdn) to load styles or highlighting assets. This is a common pattern for libraries providing complex UI features like syntax highlighting and diagrams.
- Standard Dependency Usage: The documentation references the installation of scoped packages (@streamdown/*) from standard package registries, which is the expected method for integrating this functionality into a React project.
Audit Metadata