xxe-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of a Markdown file (SKILL.md) providing documentation and methodology. It does not include any scripts, configuration files for package managers, or automated execution logic.
- [Data Exposure & Exfiltration] (SAFE): While the document contains examples of payloads that exfiltrate files (e.g., /etc/passwd) to external domains (e.g., attacker.com), these are static text examples and not part of any executable code within the skill.
- [Indirect Prompt Injection] (LOW): The skill provides instructions for processing external XML and Office documents, which are potential vectors for indirect prompt injection.
  1. Ingestion points: XML input points, file uploads (SKILL.md).
  2. Boundary markers: None provided in testing examples.
  3. Capability inventory: No internal capabilities; references external tools like XXEinjector.
  4. Sanitization: Not present in testing examples as it focuses on exploitation.
Audit Metadata