real-time-features
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary content is instructional documentation and code boilerplate. No malicious behaviors, obfuscation, or sensitive data exposure were found in any of the analyzed files.\n- [PROMPT_INJECTION]: The provided code for WebSockets and SSE demonstrates processing of client messages, which is an inherent surface for indirect prompt injection. The skill mitigates this by including clear instructions in the 'Best Practices' section to validate and sanitize all messages.\n
- Ingestion points:
references/websocket-server-nodejs.mdandreferences/server-sent-events-sse.mdcontain handlers for incoming data.\n - Boundary markers: Not explicitly implemented in the minimal code snippets.\n
- Capability inventory: The server examples focus on broadcasting data; no execution of shell commands or file modifications are performed based on the data.\n
- Sanitization: Absent in the minimal code snippets but identified as a requirement in the 'DO' list of best practices.
Audit Metadata