fuzzing-apis

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_payloads.py provides a generate_script method that writes new shell scripts to disk and applies chmod 755 to make them executable. This dynamic execution pattern allows the skill to generate and run arbitrary code within the environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes configuration data from {baseDir}/config/ and uses it to drive automated actions and report generation.
    • Ingestion points: Configuration data is loaded from files within the {baseDir}/config/ directory in SKILL.md Step 1.
    • Boundary markers: No explicit delimiters or instructions are used to separate untrusted configuration data from the agent's internal instructions.
    • Capability inventory: The skill is authorized to use Bash(test:fuzz-*), Read, Write, Edit, Grep, and Glob tools.
    • Sanitization: There is no evidence of validation or sanitization of configuration inputs before they are used in script generation or bash execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:28 AM