byted-livesaas-master

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill manages the installation of the bytedlive-cli and @byted-vcloud/bytedlive-cli packages from the NPM registry. It also supports installation via SSH from internal Git repositories for development environments.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to run the bytedlive CLI tool. Additionally, the provided test suite dynamically determines the CLI path and executes it using spawnSync to validate OpenAPI responses.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its capability to ingest and process audience comments from a live broadcast.
  • Ingestion points: Audience comments and analysis data are retrieved using the bytedlive control comment list and bytedlive control comment poll commands.
  • Boundary markers: The instructions do not define boundary markers or safety delimiters to isolate audience-generated content from system instructions.
  • Capability inventory: The skill has administrative access to kick, ban, or mute users, and can change the status of the live room (e.g., locking or ending a session).
  • Sanitization: No specific content filtering or sanitization process is described for data fetched from the comments API.
  • [REMOTE_CODE_EXECUTION]: The skill implements a self-healing mechanism for API versioning. If an OpenAPI call fails, the agent is instructed to perform a web search for documentation and dynamically re-assemble the CLI command with updated parameters or version numbers. While intended for reliability, this involves generating executable commands based on external, unverified search results.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 06:20 AM
Security Audit — agent-trust-hub — byted-livesaas-master