grpc-protobuf
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [Data Exposure] (SAFE): The authentication interceptor uses a generic TokenProvider pattern; no hardcoded credentials or API keys are present.
- [Remote Code Execution] (SAFE): No dynamic execution or remote script downloading patterns were identified.
- [Indirect Prompt Injection] (LOW): The skill defines multiple ingestion points for external data via gRPC request messages (e.g., CreateEnvironmentRequest, ChatMessage). These are mitigated by the use of strongly-typed Protocol Buffers and standard validation, such as UUID parsing.
- [Scanner False Positives] (SAFE): Automated alerts for 'Status.IN' and 'logger.info' are identified as false positives. 'Status.IN' likely refers to gRPC Status constants (like INVALID_ARGUMENT), and 'logger.info' is a standard debugging practice used within the provided interceptors.
Recommendations
- Contains 2 malicious URL(s) - DO NOT USE