Burp Suite Web Application Testing
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides comprehensive instructions for using Burp Suite's core features like traffic interception, manual request modification, and automated vulnerability scanning for authorized testing purposes.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because its core functionality involves ingesting and analyzing potentially untrusted data from external web applications.
- Ingestion points: Untrusted data enters the agent context through HTTP response headers and bodies during traffic interception, manual testing, and scanning (SKILL.md).
- Boundary markers: The skill includes instructions to set a 'Target Scope' to focus testing and limit the ingestion of out-of-scope traffic (Phase 3).
- Capability inventory: The skill outlines network manipulation procedures using Burp Suite; it does not grant the agent capabilities to execute arbitrary shell commands or perform unauthorized file system writes on the host.
- Sanitization: There are no instructions for sanitizing or escaping the content of external web responses before they are interpreted or analyzed by the agent.