security-zap-scan
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill executes a local script 'scripts/zap-baseline.sh' using Bash. While this is the core functionality, it assumes the local file system is trusted and the script has not been tampered with.
- [PROMPT_INJECTION] (MEDIUM): Vulnerable to Indirect Prompt Injection (Category 8). The agent reads and processes 'zap-report.html' or 'zap-report.md'. These files contain data reflected from an external application being scanned. An attacker could embed malicious instructions in page titles or headers that are then recorded by ZAP and read by the agent. *Ingestion point: zap-report.html (SKILL.md). *Boundary markers: Absent. *Capability inventory: Bash (execution of scripts/zap-baseline.sh), Read. *Sanitization: None described.
Audit Metadata