llm-streaming-response-handler
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation and scripts reference well-known, industry-standard packages such as
tiktoken,node-fetch, and the Vercel AI SDK (ai). These are established libraries within the AI development ecosystem.\n- [COMMAND_EXECUTION]: Provides local developer toolsstream_tester.tsandtoken_counter.ts. These scripts are intended to help developers verify streaming endpoints and analyze text data during the development process.\n- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection within its local testing utility.\n - Ingestion points:
scripts/stream_tester.tsreads untrusted data from network streams using theresponse.body.getReader()method.\n - Boundary markers: The script does not implement boundary markers or instructions to ignore embedded commands within the incoming data stream.\n
- Capability inventory: The skill is configured with access to the
Bashtool, representing a potential escalation path if malicious instructions from a stream are processed.\n - Sanitization: Incoming stream content is written directly to the terminal's standard output without sanitization or escaping of potentially malicious terminal escape sequences.
Audit Metadata