multiplayer-websocket
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows standard practices for WebSocket integration in web applications. The code snippets provided for state synchronization (position, rotation) and connection management do not exhibit malicious intent or dangerous capabilities.
- [PROMPT_INJECTION]: The server and client process externally provided data such as player names and movement states. Ingestion points are located in 'multiplayer-server.ts' (message handling) and 'useMultiplayer.ts' (state updates). While this represents an indirect injection surface where malicious strings could be sent as player names, it is inherent to the multiplayer use case and the provided examples do not grant high-privilege capabilities.
Audit Metadata