xpath-injection-testing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides methodologies for ingesting and processing untrusted XML data via Python scripts (using `lxml`). While this creates an attack surface for indirect prompt injection if an agent blindly processes malicious XML content, the risk is inherent to the skill's educational purpose and is not an intentional exploit within the skill itself.
  - Ingestion points: Python code snippet targets local `users.xml` or user-defined input strings.
  - Boundary markers: None present in the testing snippets, though remediation sections recommend input validation.
  - Capability inventory: Includes Python code execution using standard libraries (`lxml`).
  - Sanitization: The skill explicitly documents sanitization and parameterization techniques as defensive measures.
- [DYNAMIC_EXECUTION] (LOW): The skill provides a functional Python snippet for evaluating XPath expressions. This is a common utility for security testing and uses standard, non-malicious libraries.
- [DATA_EXPOSURE] (INFO): Contains example payloads used to demonstrate how an attacker might extract user data from a vulnerable system. These are illustrative examples for penetration testing and do not target the agent's environment or user credentials.
Audit Metadata