chat-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection Surface]: The skill provides instructions and patterns for building chatbots that ingest data from external platforms like Slack, Telegram, and Discord. This creates an interface where untrusted input from these platforms enters the agent's context.
- Ingestion points: Webhook routes (e.g.,
app/api/webhooks/slack/route.ts) and event handlers (onNewMention,onSubscribedMessage) inSKILL.md. - Boundary markers: The provided examples do not explicitly demonstrate the use of delimiters or 'ignore' instructions for external message content, though they focus on implementation logic.
- Capability inventory: The SDK facilitates powerful capabilities including posting messages (
thread.post), opening direct messages (bot.openDM), and managing persistent state (state: createRedisState()). - Sanitization: While the SDK handles platform-specific rendering, the skill's examples do not emphasize explicit sanitization of incoming text before processing it for bot logic.
- [External Resource References]: The skill fetches documentation and configuration from official Vercel domains and GitHub repositories (e.g.,
sdk.vercel.ai,github.com/vercel/chat). These are established vendor resources used for providing up-to-date technical guidance.
Audit Metadata