llm-streaming-response-handler
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill includes utility scripts stream_tester.ts and token_counter.ts for local execution. These scripts are benign developer tools that do not perform unauthorized command execution.
- [EXTERNAL_DOWNLOADS] (INFO): The script stream_tester.ts performs network requests to external endpoints via fetch to test SSE streams, which is the core functionality of the tool.
- [PROMPT_INJECTION] (LOW): Analysis of indirect injection risk in stream_tester.ts:
  * Ingestion point: stream reader in stream_tester.ts
  * Boundary markers: Absent
  * Capability inventory: Output to stdout only
  * Sanitization: JSON parsing with try-catch

  The script is vulnerable to displaying malicious content from a compromised endpoint, but the impact is limited to the local terminal.
Audit Metadata