consume-nats-message

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to orchestrate NATS message consumption via designated platform tools (e.g., mcp__nats__jetstream_pull_consumer). No evidence of prompt injection, unauthorized data exfiltration, or malicious command execution was found.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses local project configuration files (.cortex/nats.yaml) and manages contract documentation within the repository. These operations are consistent with the stated purpose of managing messaging contracts and do not involve harvesting sensitive credentials or transmitting data to untrusted external domains.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external data from NATS message payloads. It implements 'Tolerant Reader' semantics, which includes ignoring unknown fields and performing schema validation (headers and payload), reducing the surface area for injection attacks while processing untrusted data.
  • [COMMAND_EXECUTION]: All operations, including message fetching and acknowledgement, are performed through specified MCP tools rather than direct shell command execution or raw network calls.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 06:56 PM
Security Audit — agent-trust-hub — consume-nats-message