openui-forge-elixir

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides standard implementation details for a Phoenix-based SSE proxy. All external dependencies (Phoenix, Req, @openuidev/*) are appropriate for the stated purpose of the skill.
  • [COMMAND_EXECUTION]: The documentation includes common development commands like npm install, npx, and mix phx.server. These are standard procedures for initializing and running the provided application code and do not include malicious parameters.
  • [EXTERNAL_DOWNLOADS]: The skill installs necessary Node.js and Elixir packages from official package registries. The use of @openuidev/* scoped packages is consistent with the skill's generative UI functionality and the author's described context.
  • [DATA_EXFILTRATION]: Outbound network requests are limited to the official OpenAI API for the purpose of chat completions. The implementation correctly handles sensitive API keys via environment variables and does not transmit data to unauthorized third-party domains.
  • [PROMPT_INJECTION]: The backend architecture addresses potential indirect prompt injection by prepending a server-side system prompt to user-supplied messages.
  • Ingestion points: User messages are ingested via the messages parameter in the ChatController.create action (backend/lib/openui_backend_web/controllers/chat_controller.ex).
  • Boundary markers: The backend prepends a trusted system message loaded from priv/system-prompt.txt to the conversation history.
  • Capability inventory: The backend makes outbound requests to LLM providers using the Req library and streams data back to the browser via Plug.Conn.chunk/2.
  • Sanitization: Input is validated to ensure it is a list of messages, and the critical system instructions are maintained on the server to prevent client-side bypass attempts.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 20, 2026, 02:35 AM
Security Audit — agent-trust-hub — openui-forge-elixir