streaming-api-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Overall Assessment (SAFE): No malicious patterns or security vulnerabilities were identified in the analyzed files. The skill serves as an educational resource and template library for real-time data streaming technologies.
- Data Privacy & Exfiltration (SAFE): No hardcoded credentials, sensitive file access, or unauthorized network operations were found. Network code in the templates follows standard communication protocols.
- Security Awareness (LOW): The skill includes a detailed implementation checklist that explicitly guides users to implement security measures such as origin validation, authentication, rate limiting, and message sanitization.
- Indirect Prompt Injection (INFO): The skill provides templates that ingest external data (e.g., via WebSockets or API requests) for downstream LLM streaming. 1. Ingestion points: req.json() and ws.on('message') in SKILL.md. 2. Boundary markers: Absent in provided snippets. 3. Capability inventory: No sensitive capabilities (file writes, command execution) are present in the skill's own code. 4. Sanitization: Explicitly recommended as a best practice in the checklist documentation.
Audit Metadata