steedos-server-moleculer

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill describes an architecture for handling events from external sources, such as metadata changes and record events, which creates an indirect prompt injection surface.
    • Ingestion points: Event handlers defined in src/app.moleculer.ts (e.g., $metadata.*, @objectRecordEvent.*.*).
    • Boundary markers: No specific boundary delimiters or instruction-ignore warnings are described in the handlers.
    • Capability inventory: The service uses broker.call, broker.emit, and broker.broadcast to interact with other system components.
    • Sanitization: The provided code snippets do not illustrate sanitization or validation of the event payloads before they are forwarded to the WebSocket gateway.
  • [COMMAND_EXECUTION]: The documentation provides examples of using broker.call with the objectql.directFind action, explicitly noting that this method bypasses the standard permission layers to query database records directly.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 10:35 AM