realtime-systems

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): The WebSocket server logic in websocket-server.ts contains a critical logic flaw where any connected client can trigger a global broadcast. The broadcast message-type case relays message payloads to all connected clients or to specific rooms without any authorization or permission checks, enabling unauthorized data relay and spam.
  • [PROMPT_INJECTION] (LOW): The skill implements an indirect prompt injection surface (Category 8). It ingests untrusted data from network sockets and HTTP bodies without boundary markers or content sanitization. Evidence chain: (1) Ingestion points: ws.on('message') in websocket-server.ts and req.body in sse-handler.ts. (2) Boundary markers: absent. (3) Capability inventory: unauthenticated network broadcasting to other connected users. (4) Sanitization: absent; JSON data is parsed and directly processed/relayed.
  • [DATA_EXFILTRATION] (MEDIUM): The sse-handler.ts file contains an Insecure Direct Object Reference (IDOR) vulnerability. The subscribeHandler and unsubscribeHandler functions use a clientId provided in the request body to manage session state without verifying that the requester owns that session.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:22 PM