idor-testing

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
NO_CODE
Full Analysis
  • [SAFE] (SAFE): No malicious patterns, prompt injections, or obfuscation were detected. The skill is entirely educational.
  • [NO_CODE] (INFO): The skill consists solely of a markdown file providing documentation and methodology. It does not contain any functional code files (.py, .js, .sh), configuration for tools, or automated tasks that run on the host system.
  • [DATA_EXFILTRATION] (INFO): While the documentation includes 'curl' and 'python requests' templates for testing web APIs, these are provided as static examples for the user rather than instructions for the agent to execute against its own environment.
  • [REMEDIATION] (SAFE): The skill follows security best practices by including a substantial 'Fáng hù cuò shī' (Protective Measures) section, detailing how to fix the vulnerabilities it describes using access control, mapping, and RBAC.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 04:23 AM