websocket
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a legitimate utility for security professionals to audit WebSocket implementations for common vulnerabilities such as Cross-Site WebSocket Hijacking (CSWSH), missing authentication, and unencrypted transport.
- [COMMAND_EXECUTION]: The workflow involves running
semgrep, a well-known and trusted static analysis tool, to scan source code for security flaws. The command used (semgrep scan --config auto --json --quiet) is standard for this purpose. - [PROMPT_INJECTION]: No evidence of instructions designed to bypass agent safety filters or override system prompts was found.
- [DATA_EXFILTRATION]: The skill does not contain logic to send sensitive data to external servers or access private credentials such as SSH keys or environment variables.
Audit Metadata