CtrlK
BlogDocsLog inGet started
Tessl Logo

integrate-atlas-chat

MUST be used whenever building a chat UI with Atlas agents in a Flows app. Do NOT manually write useAtlasChat integration code — this skill handles installation, component structure, and hook wiring. Triggers: useAtlasChat, atlas chat, streaming chat, agent chat, chat interface, chat component, chat UI. For a full chat app, run skills in order: (1) integrate-atlas-chat, (2) create-client-tool (per tool), (3) setup-python-tools (if Python tools needed).

64

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Critical

Do not install without reviewing

SKILL.md
Quality
Evals
Security

Security

4 findings — 1 critical severity, 1 high severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.

Critical

E006: Malicious code pattern detected in skill scripts

What this means

Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.

Why it was flagged

Malicious code pattern detected (high risk: 1.00). The code intentionally executes server-provided Python inside a browser Pyodide runtime while injecting COGNITE_TOKEN and enabling HTTP (pyodide_http + micropip), creating a clear remote-code-execution vector that can be used to exfiltrate credentials or data and to install untrusted packages — a high-risk backdoor/exfiltration capability.

Report incorrect finding
High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 0.80). The prompt supplies an "Agent external ID" placeholder that the agent is expected to embed into the integration (code/config), which would require outputting the secret identifier verbatim and thus risks credential exfiltration.

Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 0.85). The runtime path `useAtlasChat` → `AtlasSession.send` → `AtlasClient.post` → `parseSSE` ingests `data.response.content` / `data.response.messages` from the agent chat API SSE stream (outsider-authored model output), which is then accumulated into `onChunk` and placed into the LLM context for subsequent turns via `payload.messages`/`followups`.

Medium

W012: Unverifiable external dependency detected (runtime URL that controls agent)

What this means

The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.

Why it was flagged

Potentially malicious external URL detected (high risk: 1.00). The Pyodide runtime code calls loadPyodide with DEFAULT_CDN_URL (https://cdn.jsdelivr.net/pyodide/v0.29.3/full/) and then uses micropip.install at runtime (e.g., installing "cognite-sdk"), which fetches and executes remote Python packages — evidence that remote code is downloaded and executed during skill runtime.

Repository
cognitedata/builder-skills
Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.