Skills
NYC
skills/assistant-ui/skills/streaming/Gen Agent Trust Hub

streaming

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were found.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access, or unauthorized network operations detected. Network requests in examples are directed to typical local endpoints like /api/chat.
  • [Obfuscation] (SAFE): No encoded or hidden content was found.
  • [Remote Code Execution] (SAFE): No patterns for downloading and executing untrusted remote scripts were identified.
  • [Indirect Prompt Injection] (LOW): The skill demonstrates processing untrusted streaming data from external APIs.
  • Ingestion points: response.body?.getReader() in SKILL.md and references/assistant-transport.md.
  • Boundary markers: Absent in the provided code snippets.
  • Capability inventory: The skill handles tool-call and text parts.
  • Sanitization: Not explicitly implemented in the provided code examples, which is standard for documentation focused on protocol implementation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:44 PM