mitm-find-idor

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands such as mitmdump, grep, and curl for traffic analysis and vulnerability verification.
  • [DATA_EXFILTRATION]: The provided methodology includes using curl with session cookies to test external endpoints, which involves transmitting sensitive authentication data over the network.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted network traffic data from log.txt.
    1. Ingestion points: The agent reads captured traffic from log.txt.
    2. Boundary markers: None are specified to separate log data from agent instructions.
    3. Capability inventory: The skill utilizes shell commands (grep, curl) that could be targeted by injected content.
    4. Sanitization: No validation of log content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 09:58 PM