fishjam-python-server-sdk
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Credential Management. The skill correctly instructs developers to use environment variables (e.g., FISHJAM_MANAGEMENT_TOKEN, GEMINI_API_KEY) for sensitive credentials instead of hardcoding them within the application code.
- [EXTERNAL_DOWNLOADS]: The skill guides users to install the
fishjam-server-sdkfrom PyPI, which is the official library provided by the vendor (software-mansion-labs). - [SAFE]: Webhook Implementation. The documentation recommends the use of path-secret patterns to authenticate incoming webhook requests, providing a standard security measure for stateless callbacks.
- [PROMPT_INJECTION]: Indirect Prompt Injection surface analysis.
- Ingestion points: Untrusted data enters the context through peer metadata (
PeerOptions), webhook bodies, and media streams (audio/images) received viasession.receive(). - Boundary markers: No explicit instructions are provided to the agent to disregard commands embedded within the media or metadata streams, though this is typical for SDK-level documentation.
- Capability inventory: The skill provides network access capabilities via the
FishjamClientandgoogle.genaiclients. - Sanitization: Structural validation is performed via Protobuf decoding in the
receive_binaryfunction, which reduces the risk of malformed data injection.
Audit Metadata