kit-app-streaming-debug

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to execute local repository scripts (repo.bat and repo.sh) to launch applications with specific diagnostic, logging, and tracing flags. These commands facilitate the capture of StreamSDK events and verbose log data for performance analysis.
  • [COMMAND_EXECUTION]: Directs the agent to initiate a local development server using npm run dev within the ~/proj/ov-web-rtc directory to capture and display WebRTC stream statistics.
  • [PROMPT_INJECTION]: The skill was evaluated for indirect prompt injection risks associated with processing application logs.
  • Ingestion points: The skill searches local log files (e.g., kit.log) at user-specified paths for diagnostic markers.
  • Boundary markers: Absent; the skill uses rg to extract specific error strings and performance markers without the use of explicit data delimiters.
  • Capability inventory: The skill allows for the execution of shell commands and the launching of local application binaries.
  • Sanitization: Log content is searched for known technical strings; however, there is no sanitization or escaping of the raw log data prior to interpretation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 12:21 PM
Security Audit — agent-trust-hub — kit-app-streaming-debug