fishjam-platform
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The documentation enforces a clear security boundary by distinguishing between administrative Management Tokens and participant-scoped Peer Tokens, explicitly warning developers to keep the former restricted to backend environments and to rotate them if compromised.
- [EXTERNAL_DOWNLOADS]: The skill references and retrieves configuration files, such as OpenAPI specifications and protobuf definitions, from official repositories under the fishjam-cloud organization. These are recognized as legitimate vendor resources and do not pose a security risk.
- [PROMPT_INJECTION]: The Fishjam platform supports custom metadata for peers and tracks, as described in
glossary.mdandnotifications-taxonomy.md. This represents a surface for indirect prompt injection if the data is subsequently processed by an agent without sanitization. - Ingestion points: Metadata fields for peers (
peer.metadata) and tracks (track.metadata) found inSKILL.md,glossary.md, andnotifications-taxonomy.md. - Boundary markers: Not present; the documentation defines metadata as an opaque string or object.
- Capability inventory: The skill provides documentation on managing room lifecycles and media streaming via SDKs but contains no executable code that processes this metadata.
- Sanitization: Not addressed in the platform documentation; users of the SDK are expected to handle data validation independently.
Audit Metadata