iii-pubsub
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill uses standard environment variable configuration for Redis connectivity and provides a local in-memory fallback mechanism. No evidence of hardcoded credentials, remote code execution, or unauthorized system access was found.
- [PROMPT_INJECTION]: The skill defines a surface for potential indirect prompt injection because the
subscribetrigger passes raw, unsanitizeddatadirectly to handler functions. While this is an inherent characteristic of messaging systems, it is noted as a risk factor if the receiving handlers process the data using an AI model. - [EXTERNAL_DOWNLOADS]: The skill references a Redis connection string that defaults to a local instance (
redis://localhost:6379) and uses an environment variable for production. This is considered a safe configuration practice.
Audit Metadata