byted-livesaas-master
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages the installation of the
bytedlive-cliand@byted-vcloud/bytedlive-clipackages from the NPM registry. It also supports installation via SSH from internal Git repositories for development environments. - [COMMAND_EXECUTION]: The skill relies on shell command execution to run the
bytedliveCLI tool. Additionally, the provided test suite dynamically determines the CLI path and executes it usingspawnSyncto validate OpenAPI responses. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its capability to ingest and process audience comments from a live broadcast.
- Ingestion points: Audience comments and analysis data are retrieved using the
bytedlive control comment listandbytedlive control comment pollcommands. - Boundary markers: The instructions do not define boundary markers or safety delimiters to isolate audience-generated content from system instructions.
- Capability inventory: The skill has administrative access to kick, ban, or mute users, and can change the status of the live room (e.g., locking or ending a session).
- Sanitization: No specific content filtering or sanitization process is described for data fetched from the comments API.
- [REMOTE_CODE_EXECUTION]: The skill implements a self-healing mechanism for API versioning. If an OpenAPI call fails, the agent is instructed to perform a web search for documentation and dynamically re-assemble the CLI command with updated parameters or version numbers. While intended for reliability, this involves generating executable commands based on external, unverified search results.
Audit Metadata