mitm-find-ssrf
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (grep, curl, mitmdump) to search traffic logs for vulnerable patterns and to conduct verification tests against internal or cloud metadata endpoints. This behavior is consistent with the skill's primary purpose of security analysis.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input from a log.txt file containing captured network traffic. Although this creates an attack surface for indirect prompt injection, it is mitigated by the fact that the analysis is performed using explicit grep patterns and documentation-style test commands rather than passing raw data directly to sensitive logic. Ingestion points: log.txt. Capability inventory: grep, bash loops, curl. Boundary markers: none. Sanitization: none.
Audit Metadata