caido-mode
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted HTTP request and response data from the Caido instance history and displays it to the agent without explicit boundary markers.
  - Ingestion points: Untrusted data enters the context via `cmdSearch` and `cmdGet` in `lib/commands/requests.ts` and via `cmdReplay` in `lib/commands/replay.ts`.
  - Boundary markers: The skill does not implement delimiters or system-level instructions to ignore embedded commands within the HTTP raw data.
  - Capability inventory: The skill has the capability to perform network operations (sending modified requests) and modify security tool configurations (scopes, environments) through the Caido SDK.
  - Sanitization: The skill decodes binary data and applies length-based truncation in `lib/output.ts` before display, which limits context window flooding but does not filter malicious instructions.
Audit Metadata