jbaruch/tui4j-chat
Build terminal chat UIs with TUI4J - Elm Architecture chat client for AI agent demos with Spring Boot integration
90
90%
Does it follow best practices?
Impact
94%
1.38xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime HTTP POSTs to the configured chat endpoint (default "http://localhost:8080" via baseUrl + "/chat?sessionId=...") and directly injects the response body into AgentResponse messages shown in the UI, so remote content can control the agent's prompts/output.
- Audited
- Security analysis