csrf-testing
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill provides a shell command for `zap-cli` that includes the argument `-config api.disablekey=true`. Disabling the API key for a security tool like ZAP is an unsafe practice that could allow unauthorized users to control the scanner.
- [SAFE] (INFO): The file contains several HTML and JavaScript snippets intended as Proof-of-Concept (PoC) templates for CSRF attacks. These are standard security research examples and do not contain obfuscated malicious code or exfiltration logic.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references external security tools (Burp Suite, OWASP ZAP). These are trusted industry tools, but their presence in a skill indicates an expectation of external software dependency.
Audit Metadata