pentest-web-application-logic-mapper
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [No Code] (SAFE): The skill consists entirely of markdown documentation and YAML metadata. It does not include any executable scripts, binaries, or configuration files that could perform unauthorized actions.
- [Indirect Prompt Injection] (LOW): The skill defines a workflow that ingests untrusted external data, creating a surface for indirect prompt injection.
  - Ingestion points: The skill explicitly processes 'Spider/Crawl Data' (URLs and forms), 'API Documentation' (Swagger/OpenAPI), and 'User Manuals'.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill definition.
  - Capability inventory: The skill is instructional and analytical; it does not include capabilities for subprocess execution, file writing, or network requests.
  - Sanitization: There are no requirements for sanitizing or validating input data before it is analyzed by the agent.
Audit Metadata