bruno-api
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing external, potentially untrusted content.\n
- Ingestion points: As described in Step 1 of the workflow in SKILL.md, the skill extracts HTTP methods, headers, parameters, and request bodies from Bruno (.bru) files. These files are provided as inputs and may contain malicious instructions designed to influence the agent.\n
- Boundary markers: The prompt instructions do not define clear boundaries or delimiters to isolate processed data from the agent's control logic, nor do they instruct the agent to ignore instructions embedded within the files.\n
- Capability inventory: The skill is granted access to powerful tools including Bash, Edit, Read, Glob, and Grep, which provide a significant attack surface if an injection occurs.\n
- Sanitization: There is no mention of sanitizing or validating the content extracted from .bru files before incorporating it into the final documentation output or using it to guide codebase searches.\n- [COMMAND_EXECUTION]: The skill requests and uses the Bash tool for directory scanning and automated workflow steps. While intended for legitimate file management and searching, the tool's parameters could be influenced by malicious content within an analyzed Bruno file, creating a risk of unauthorized command execution.
Audit Metadata