chat-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection.
- Ingestion points: The skill processes untrusted user input from external chat platforms such as Slack, Teams, and Discord via events like
onNewMentionandonSubscribedMessage(SKILL.md). - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the examples.
- Capability inventory: The skill has the capability to write back to chat threads (
thread.post), manage subscriptions, and interact with AI models (ToolLoopAgent) (SKILL.md). - Sanitization: No sanitization or validation of user-provided message text is described or implemented in the examples.
- [CREDENTIALS_UNSAFE]: Demonstrates safe secret management practices. The provided code examples utilize environment variables (e.g.,
process.env.SLACK_BOT_TOKEN,process.env.REDIS_URL) rather than hardcoding sensitive credentials. - [EXTERNAL_DOWNLOADS]: References official SDK packages from the vendor ecosystem (
chat,@chat-adapter/*). These are legitimate dependencies associated with the skill's stated purpose of building chat bots.
Audit Metadata