pubnub-live-stock-quote-updates
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill uses placeholders for PubNub API keys (pub-c-..., sub-c-...). No evidence of sensitive local file access or unauthorized data transmission was found.
- [Unverifiable Dependencies] (SAFE): The skill relies on the official pubnub package, which is a trusted and well-known library for real-time messaging.
- [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface for indirect prompt injection via the consumption of external market data.
  - Ingestion points: Data enters the system via pubnub.addListener(event.message) in SKILL.md.
  - Boundary markers: None present; data is treated as trusted structured JSON.
  - Capability inventory: Limited to UI updates (updatePortfolioRow) and firing new PubNub messages (pubnub.fire); no shell execution or file-system write capabilities are present.
  - Sanitization: No explicit sanitization or validation of the market data payload is shown in the example code.
- [Prompt Injection] (SAFE): No instructions designed to override agent behavior or bypass safety guardrails were identified in the markdown or metadata.
Audit Metadata