skills/iii-hq/iii/iii-pubsub/Gen Agent Trust Hub

iii-pubsub

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns detected. The skill uses standard environment variable configuration for Redis connectivity and provides a local in-memory fallback mechanism. No evidence of hardcoded credentials, remote code execution, or unauthorized system access was found.
  • [PROMPT_INJECTION]: The skill defines a surface for potential indirect prompt injection because the subscribe trigger passes raw, unsanitized data directly to handler functions. While this is an inherent characteristic of messaging systems, it is noted as a risk factor if the receiving handlers process the data using an AI model.
  • [EXTERNAL_DOWNLOADS]: The skill references a Redis connection string that defaults to a local instance (redis://localhost:6379) and uses an environment variable for production. This is considered a safe configuration practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 05:36 AM
Security Audit — agent-trust-hub — iii-pubsub