skills/lobehub/lobe-chat/chat-sdk/Gen Agent Trust Hub

chat-sdk

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill acts as a documentation guide for the 'chat' npm package and its associated adapters. All code examples use industry-standard patterns such as environment variables for secrets (e.g., SLACK_BOT_TOKEN) and standard library imports.
  • [PROMPT_INJECTION]: The skill describes a system that ingests untrusted user input from chat platforms (e.g., messages and mentions) and passes them to AI models. This is an inherent property of chat bot development.
  • Ingestion points: User messages received via platform adapters (Slack, Discord, etc.) in SKILL.md.
  • Boundary markers: None explicitly defined in the basic code examples.
  • Capability inventory: The skill allows the agent to post messages and interactive cards to chat threads, and manage persistent state via Redis.
  • Sanitization: Not explicitly implemented in the high-level SDK examples; the skill assumes the developer will implement appropriate model safety measures.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:32 PM
Security Audit — agent-trust-hub — chat-sdk