matrix-communication
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill implements Matrix communication using the standard
matrix-niolibrary and follows secure development practices. - [COMMAND_EXECUTION]: The
matrix-doctor.pyscript usessubprocess.runto check for and install the requiredmatrix-nio[e2e]package. This is a legitimate setup procedure and is hardcoded to install a specific, well-known library. - [DATA_EXPOSURE]: Matrix credentials (access tokens and device keys) are stored in the user's home directory (
~/.local/share/matrix-skill/store/) with restricted file permissions (0o600), preventing unauthorized access by other users on the system. - [PROMPT_INJECTION]: The skill processes message content from Matrix rooms, which constitutes an ingestion point for untrusted data (Indirect Prompt Injection surface). However, this is inherent to a chat communication skill.
- Ingestion points:
matrix-read-e2ee.pyandmatrix-read.pyread message bodies from the Matrix API. - Boundary markers: None present in the script output; the agent is expected to handle the message content as data.
- Capability inventory: The skill has capabilities for network requests (via Matrix API), file reading/writing, and command execution (via
python3anduvas defined inallowed-tools). - Sanitization: Filenames in
matrix-download-e2ee.pyare sanitized usingPath.nameto prevent path traversal.
Audit Metadata