Skills
skills/pluginagentmarketplace/custom-plugin-server-side-game-dev/networking/Gen Agent Trust Hub

networking

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (LOW): The 'scripts/network-test.sh' file executes 'npm install -g wscat'. While wscat is a common utility and npm is a trusted registry, the script performs a global installation and external download without explicit user confirmation.
  • Privilege Escalation (LOW): The 'SKILL.md' file recommends the use of 'tcpdump' for network troubleshooting. This is a privileged command that can be used for sensitive packet capture, though it is used here for its intended diagnostic purpose.
  • Indirect Prompt Injection (LOW): The 'assets/websocket-server.js' and 'SKILL.md' server implementations contain a surface for indirect prompt injection. 1. Ingestion points: Client messages enter via 'ws.on(message)'. 2. Boundary markers: Absent. 3. Capability inventory: The 'broadcastToRoom' function in 'assets/websocket-server.js' relays these messages to all other connected clients. 4. Sanitization: No sanitization or escaping is applied to the message payloads before they are broadcast to other agents or users.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 10:20 PM