pubnub-functions
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill emphasizes the use of the 'vault' module for storing and retrieving secrets, which prevents hardcoding sensitive credentials in the code (references/functions-modules.md).
- [Indirect Prompt Injection] (SAFE): The skill handles untrusted data from incoming messages and HTTP requests.
  1. Ingestion points: request.message, request.json(), request.query (references/functions-basics.md).
  2. Boundary markers: Not explicitly enforced in code templates, relying on developer implementation.
  3. Capability inventory: xhr.fetch() for external requests, pubnub.publish() for message propagation, and kvstore for persistent storage.
  4. Sanitization: Examples show basic input validation (e.g., checking for existence of fields), but do not implement specific sanitization logic against injection.
Audit Metadata