copilotkit-debug
Fail
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill serves as a debugging and documentation resource for the CopilotKit ecosystem. The instructions and reference materials are consistent with this purpose.
- [COMMAND_EXECUTION]: The skill suggests standard diagnostic commands such as 'npm ls' for checking package versions and 'curl' for testing local API endpoints (e.g., 'http://localhost:3001/api/copilotkit/info'). these are typical for development environments.
- [EXTERNAL_DOWNLOADS]: References an MCP server at 'https://mcp.copilotkit.ai/mcp' and official documentation at 'docs.copilotkit.ai'. These are vendor-owned resources (CopilotKit) and are used for documentation lookups.
- [CREDENTIALS_UNSAFE]: Mentions standard environment variable names like 'OPENAI_API_KEY' and 'ANTHROPIC_API_KEY' in the context of configuration requirements, but does not contain hardcoded secrets or instructions to expose credentials.
- [FALSE_POSITIVE_ALERT]: An automated scan flagged 'references/quick-workflows.md' for suspicious HTTP request patterns. Analysis confirms this is a false positive triggered by the high density of legitimate diagnostic 'curl' examples and API endpoint documentation.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
Audit Metadata