guydemo/pubnub-presence
Implement real-time presence tracking with PubNub
79
67%
Does it follow best practices?
Impact
98%
1.07xAverage score across 5 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to subscribe to and process live PubNub presence events and to call hereNow/getState (see SKILL.md and references/presence-events.md & presence-setup.md), which ingests untrusted, user-generated presence/state data from public/third-party channels that can directly influence actions like UI updates and notifications.
- Audited
- Security analysis