Skills
skills/salvo-rs/salvo-skills/salvo-websocket/Gen Agent Trust Hub

salvo-websocket

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements logic for handling real-time data from WebSocket clients, which constitutes an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the application via ws.recv() and ws.next() in multiple handlers (e.g., ws_handler, handle_socket, handle_messages) defined in SKILL.md.
  • Boundary markers: There are no boundary markers or instructions present to prevent the agent from misinterpreting embedded commands within the WebSocket stream.
  • Capability inventory: The code allows for the broadcasting of untrusted messages to all connected users, potentially spreading malicious payloads across the system.
  • Sanitization: The 'Basic WebSocket Echo Server' example insecurely handles user input by using innerHTML to display messages (document.getElementById('output').innerHTML += <p>${e.data}</p>), creating a Cross-Site Scripting (XSS) vulnerability that could be used to execute arbitrary scripts in the context of other users or observing agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 06:49 AM