streamdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation instructs the user to install several NPM packages from the
@streamdownscope. While these are not from the pre-approved trusted list, they are essential to the skill's primary purpose. Severity is downgraded from MEDIUM to LOW as per the use-case rule. - [DATA_EXFILTRATION] (SAFE): No hardcoded credentials or sensitive file access patterns were found. The skill actively mitigates exfiltration risks through a 'Link Safety' confirmation modal and
rehype-hardenfor protocol/domain restrictions. - [REMOTE_CODE_EXECUTION] (SAFE): No patterns of piping remote content to a shell (e.g., curl|bash) or dynamic execution of system commands were detected. Diagram rendering (Mermaid) and Math (KaTeX) are executed client-side.
- [INDIRECT_PROMPT_INJECTION] (LOW): As a renderer for AI-generated text, the skill represents a surface for indirect prompt injection. A malicious AI response could attempt to exploit the rendering engine or use social engineering via the rendered output.
- Ingestion points: Untrusted data enters via the
childrenprop of theStreamdowncomponent (e.g.,assets/examples/basic-streaming.tsx). - Boundary markers: None explicitly defined in the provided component usage, though standard React prop boundaries apply.
- Capability inventory: The skill allows rendering of raw HTML (via
rehype-raw), Mermaid diagrams, and KaTeX math. - Sanitization: Robust sanitization is provided via
rehype-sanitizeandrehype-hardenby default.
Audit Metadata