HTML Injection Testing
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill's metadata and description encourage the agent to assist with malicious activities such as 'defacing web applications' and 'performing HTML injection attacks', which may bypass standard AI safety constraints regarding harmful content.
- [PROMPT_INJECTION]: Provides specific bypass techniques (Phase 8) designed to evade security filters, WAFs, and sanitization routines using various encoding and tag-manipulation methods.
- [COMMAND_EXECUTION]: Includes functional command-line templates (curl) and an automated Python script (Phase 9) designed to execute and verify web injection attacks against target applications.
- [DATA_EXFILTRATION]: Provides specific HTML and CSS payloads crafted to capture sensitive information like user credentials and session cookies, redirecting them to external attacker-controlled domains such as attacker.com and evil.com.
Recommendations
- AI detected serious security threats
Audit Metadata