rate-limiting
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass safety filters or override agent behavior.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, sensitive file paths, or unauthorized network operations were detected.
- [Obfuscation] (SAFE): All code and documentation are in plain text with no hidden or encoded content.
- [Unverifiable Dependencies & RCE] (SAFE): The skill references standard, reputable libraries (ioredis, express, redis, fastapi). No remote script downloads or piped execution patterns are present.
- [Privilege Escalation] (SAFE): The code operates within the standard application context without requesting elevated system permissions.
- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles, cron jobs, or system services were found.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: Ingests user-controlled data such as IP addresses and request metadata for key generation.
  - Boundary markers: N/A; standard string interpolation used for Redis keys.
  - Capability inventory: Limited to standard Redis operations and setting HTTP response headers.
  - Sanitization: Minimal sanitization of keys, but the risk is negligible as output is not interpreted as instructions by a downstream agent.
- [Dynamic Execution] (SAFE): No use of dynamic code execution (eval, exec) or unsafe deserialization (pickle, yaml.load) was detected.