llm-streaming
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): Vulnerability surface detected in SKILL.md. The implementation patterns ingest untrusted data via the prompt parameter and interpolate it directly into the LLM message list. Combined with the stream_with_tools capability, this could allow an attacker to trigger unauthorized tool execution through injected instructions. The patterns provide no boundary markers or sanitization steps.
- [Unverifiable Dependencies] (LOW): The skill references external packages including openai, fastapi, and sse-starlette. Per [TRUST-SCOPE-RULE], these are from trusted sources, downgrading the dependency finding to LOW.
Recommendations
- AI detected serious security threats
Audit Metadata