cometchat-core
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No attempts to override agent behavior, bypass safety guidelines, or extract system prompts were detected. The language is purely instructional and follows standard development patterns.
- [CREDENTIALS_UNSAFE]: The skill explicitly warns against hardcoding authentication keys. It provides placeholders for configuration and recommends using environment variables (e.g., VITE_COMETCHAT_APP_ID) and secure backend-generated tokens for production environments.
- [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns were identified. Network operations are limited to standard backend communication (fetch to local API) and official vendor documentation services.
- [REMOTE_CODE_EXECUTION]: References installation of official packages from the @cometchat namespace and provides instructions for adding an official MCP server from the vendor's website. No suspicious or unverified remote execution patterns were found.
- [OBFUSCATION]: No obfuscated code, hidden characters, or encoded strings were detected in the skill.
- [COMMAND_EXECUTION]: Includes benign development commands such as package installation (npm install) and MCP server configuration (claude mcp add), which are consistent with the skill's primary purpose.