backend-websocket
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs standard, reputable npm packages (koa-websocket, short-uuid). No suspicious remote scripts or unverifiable binaries are downloaded.
- [COMMAND_EXECUTION] (SAFE): The skill contains application-level TypeScript code. It does not invoke system shells, execute arbitrary commands, or utilize dangerous subprocess calls.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets, API keys, or private tokens were found. The authentication logic uses a placeholder function, correctly prompting the developer to implement their own secure verification logic.
- [DATA_EXFILTRATION] (SAFE): The skill does not access sensitive local file paths (such as ~/.ssh or .env) and only communicates via the defined WebSocket protocol for its intended purpose.
- [PROMPT_INJECTION] (SAFE): The instructions are focused on implementation and do not contain any directives meant to override AI safety filters or extract system prompts.
Audit Metadata