route-handlers
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The AI/LLM streaming example in `SKILL.md` directly uses user input in a prompt, creating an injection surface.
  - Ingestion points: `request.json()` in `SKILL.md` (reading the `prompt` field).
  - Boundary markers: Absent. The input is directly passed as message content without delimiters or protective instructions.
  - Capability inventory: `openai.chat.completions.create` call in `SKILL.md`.
  - Sanitization: Absent. No validation or filtering is performed on the user-provided prompt.
- [Data Exposure & Exfiltration] (LOW): The file upload example in `references/http-methods.md` is vulnerable to path traversal due to unsanitized filename usage.
  - Evidence: The code uses `file.name` directly in `path.join(process.cwd(), 'public/uploads', filename)` without removing traversal sequences like `..`.
  - Risk: An attacker could potentially write files to arbitrary locations outside the intended directory, affecting system integrity.
Audit Metadata