pubnub-order-delivery-driver
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references the legitimate 'pubnub' Node.js library for messaging. No remote script execution, piped bash commands, or untrusted package installations were found.
- [Data Exposure & Exfiltration] (SAFE): Code examples use generic placeholders ('pub-key', 'sub-key') for API credentials. Implementation guidelines explicitly advocate for privacy controls and isolating driver location data.
- [Prompt Injection] (SAFE): No instructions found that attempt to override system prompts, bypass safety filters, or extract sensitive internal configurations.
- [Indirect Prompt Injection] (SAFE): The skill defines ingestion points for external GPS and status data but recommends using PubNub Functions for server-side validation and state-machine enforcement, mitigating risks from untrusted input.
Audit Metadata