server-websocket
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUMDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The WebSocket gateway is configured with
cors: true, which permits connections from any origin. Because the system relies on cookies for authentication (socket.handshake.headers), this configuration creates a risk of Cross-Site WebSocket Hijacking (CSWH), where a malicious site could establish a connection on behalf of a logged-in user. - [DATA_EXFILTRATION]: Metadata change events (
s:metadata:change) are documented as being sent via a "global broadcast" to "ALL connected clients." In the context of a multi-tenant system (usingtenantId), broadcasting schema changes (objects, fields, apps) globally may leak sensitive architectural information across tenant boundaries. - [DATA_EXFILTRATION]: The room subscription system relies on client-supplied
roomPartsto join rooms formatted as{tenantId}-{roomPart}. This represents an indirect prompt injection surface where a malicious client might attempt to bypass tenant isolation and access unauthorized data streams if the server-side validation of the requested room names is insufficient. - Ingestion points: Client-emitted
subscribeevents inSKILL.md(e.g.,socket.emit("subscribe", { roomParts: ... })). - Boundary markers: None mentioned; the system relies on the assumption that
tenantIdprefixing is enough. - Capability inventory: The gateway manages room joining and event routing via the
AppGateway. - Sanitization: The documentation does not specify server-side validation or sanitization of the
roomPartspayload.
Audit Metadata