chat-sdk
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a documentation guide for the 'chat' npm package and its associated adapters. All code examples use industry-standard patterns such as environment variables for secrets (e.g., SLACK_BOT_TOKEN) and standard library imports.
- [PROMPT_INJECTION]: The skill describes a system that ingests untrusted user input from chat platforms (e.g., messages and mentions) and passes them to AI models. This is an inherent property of chat bot development.
- Ingestion points: User messages received via platform adapters (Slack, Discord, etc.) in
SKILL.md. - Boundary markers: None explicitly defined in the basic code examples.
- Capability inventory: The skill allows the agent to post messages and interactive cards to chat threads, and manage persistent state via Redis.
- Sanitization: Not explicitly implemented in the high-level SDK examples; the skill assumes the developer will implement appropriate model safety measures.
Audit Metadata