openui-forge-java

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The application accepts user-supplied chat messages and forwards them to the OpenAI API, creating a potential surface for indirect prompt injection attacks.
  • Ingestion points: User content enters the system via the ChatRequest body in ChatController.java.
  • Boundary markers: The application prepends a system prompt from system-prompt.txt to the message list, but it does not employ explicit delimiters or structural markers (e.g., specific tags or block prefixes) to isolate user input from instructions.
  • Capability inventory: The skill possesses network capabilities to communicate with the OpenAI API.
  • Sanitization: There is no evidence of content filtering or sanitization performed on the messages before they are transmitted to the model.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several packages from the @openuidev scope on npm. These are specific to the OpenUI library described in the skill and are necessary for its functionality.
  • [COMMAND_EXECUTION]: The setup instructions include running shell commands such as mvn spring-boot:run and npx @openuidev/cli. These are standard development operations for the respective frameworks and use static paths provided in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:35 AM
Security Audit — agent-trust-hub — openui-forge-java