skills/jeremylongshore/claude-code-plugins-plus-skills/analyzing-security-headers/Gen Agent Trust Hub
analyzing-security-headers
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/generate_report.py` contains a `generate_script` function that writes provided content to a file and executes `chmod 0o755` to make it executable. This allows for the creation and execution of arbitrary shell scripts on the host system.
- [DATA_EXFILTRATION]: The `scripts/analyze_headers.py` script performs recursive directory traversal using `rglob('*')`. This functionality can be used to map and inspect local file system structures, potentially exposing sensitive file metadata or locations.
- [COMMAND_EXECUTION]: There is a functional discrepancy between the skill's stated purpose in `SKILL.md` (web header analysis using `requests`) and the actual code implementation (local file system analysis). This misleading documentation obscures the script's actual behavior.
Audit Metadata