wasm-emscripten
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior or security vulnerabilities were identified. All operations are standard for WebAssembly development.- [EXTERNAL_DOWNLOADS]: Fetches the Emscripten SDK (emsdk) from its official GitHub repository (emscripten-core/emsdk) for environment setup. This is a standard and expected operation for this toolchain.- [COMMAND_EXECUTION]: Provides commands for toolchain installation and source code compilation using
emcc. These commands are integral to the skill's purpose and use standard arguments.- [PROMPT_INJECTION]: Identified an indirect prompt injection surface in the Asyncify code example. - Ingestion points: The
fetch(url)call in theasync.ccode example allows external data to enter the agent's execution context. - Boundary markers: No delimiters or instructions to ignore embedded content are present in the example code.
- Capability inventory: The skill utilizes
git,emcc, andpython3for toolchain management and local serving. - Sanitization: No input sanitization or validation of the fetched URL or its content is demonstrated in the example.
Audit Metadata