waf-bypass-agent
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The instructions direct the agent to perform active network requests against a user-defined target endpoint. This includes sending various payload variants involving encodings, structural changes, and content-type smuggling to observe server behavior.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of external data.
  - Ingestion points: The agent is instructed to capture and analyze HTTP response bodies and headers in Phase 1 (Signal Collection) and Phase 3 (Branch A/B/C) of the SKILL.md file.
  - Boundary markers: The instructions do not define boundary markers or provide warnings to the agent to disregard instructions potentially embedded within the analyzed HTTP responses.
  - Capability inventory: The agent has the capability to perform network requests and modify its testing logic based on the data it receives from the target throughout all phases.
  - Sanitization: The instructions lack any requirement for sanitizing or validating external content before it is processed by the agent to generate new hypotheses or test variants.