cors-policy-validator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of documentation and metadata. There are no scripts, binaries, or executable files included in the package.
- [Indirect Prompt Injection] (LOW): The skill is designed to process and validate external data (CORS policies). This presents a theoretical surface for indirect prompt injection.
- Ingestion points: Processes CORS policy configurations provided by the user or read from files via the 'Read' tool.
- Boundary markers: Not explicitly defined in the instructions.
- Capability inventory: Includes 'Bash(npm:*)', 'Write', and 'Read' tools which could be misused if the agent obeys instructions embedded in a malicious CORS policy.
- Sanitization: No specific sanitization logic is provided in this instructional skill.
- [External Downloads] (LOW): The metadata specifies 'Bash(npm:*)' as an allowed tool. This grants the agent the ability to install and run third-party packages, but the skill itself does not specify any malicious dependencies.
Audit Metadata