Skills
skills/instavm/security-skills/mitm-find-auth/Gen Agent Trust Hub

mitm-find-auth

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands including grep, curl, and mitmdump to analyze log files and perform active testing of authentication endpoints.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from log files without isolation.
  • Ingestion points: Data is ingested from the log.txt file through multiple grep operations.
  • Boundary markers: Absent; there are no markers or delimiters defined to separate the log content from the agent's instructions.
  • Capability inventory: The agent can execute shell commands (grep, curl, mitmdump) and read files from the local filesystem.
  • Sanitization: Absent; the skill does not specify any validation or sanitization steps for the data retrieved from the logs before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 09:58 PM