client
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill connects to a local URI (ws://localhost:8012), which is a standard pattern for development tools and does not represent a data exfiltration risk.
- [Indirect Prompt Injection] (SAFE): The skill ingests data from a WebSocket stream (client.recv), creating an ingestion surface for untrusted data. However, there are no capabilities in the provided code (such as subprocess calls or eval) that could be exploited through this channel.
- [Remote Code Execution] (SAFE): No patterns for downloading and piping scripts to a shell or executing dynamic code were found.
Audit Metadata