chat-sdk
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- Environment Variable Management: The skill correctly instructs developers to use environment variables (e.g.,
process.env.SLACK_SIGNING_SECRET) for managing sensitive platform tokens and secrets, which is a standard security best practice. - Trusted Documentation References: It provides links to official documentation and repositories from Vercel and GitHub. These resources are used to ensure the AI uses up-to-date API signatures, which helps prevent the generation of insecure or broken code snippets.
- External Data Handling: As a tool for building chat interfaces, the skill naturally involves processing untrusted user input from external platforms. The provided examples demonstrate standard message handling and state management patterns. Developers should maintain routine sanitization practices when rendering or executing logic based on these external messages.
- Platform-Specific Security: The instructions include platform-specific security requirements, such as enabling Message Content Intent for Discord or using webhook secrets for Telegram, ensuring that the resulting bots operate within the intended security boundaries of each service.
Audit Metadata