Skills
skills/maneeshanif/todo-spec-driven/streaming-sse-setup/Gen Agent Trust Hub

streaming-sse-setup

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The script scripts/test-streaming.py processes data from an external streaming endpoint, which presents a surface for indirect prompt injection if the server returns malicious content.
  • Ingestion points: The test_streaming_endpoint function in scripts/test-streaming.py reads data from a configurable API URL.
  • Boundary markers: None identified in the script's output handling.
  • Capability inventory: Network requests via httpx, file system exploration via Glob (allowed tool), and basic console output.
  • Sanitization: The script uses json.loads() to parse events, ensuring data is processed as structured JSON.
  • [DATA_EXFILTRATION] (SAFE): Network requests are directed to a user-defined API_URL. There are no patterns suggesting unauthorized access to sensitive local files or exfiltration of credentials.
  • [CREDENTIALS_UNSAFE] (SAFE): The implementation correctly uses environment variables (TEST_TOKEN) for authentication rather than hardcoding sensitive credentials.
  • [REMOTE_CODE_EXECUTION] (SAFE): No unsafe execution patterns such as eval(), exec(), or piping remote content to a shell were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 12:24 PM