skills/jeremylongshore/claude-code-plugins-plus-skills/scanning-for-xss-vulnerabilities/Gen Agent Trust Hub
scanning-for-xss-vulnerabilities
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE | NO_CODE | PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill documentation identifies several Python scripts ("xss_scan.py", "waf_bypass.py", and "report_generator.py") as components of the skill, but the actual source code for these scripts is missing from the package. This prevents a full security analysis of the automated scanning logic.
- [PROMPT_INJECTION]: The skill is designed to process untrusted web content and code, which introduces a surface for indirect prompt injection attacks.
  - Ingestion points: The skill uses "WebFetch" to retrieve content from target URLs and the "Read" tool to inspect local code files.
  - Boundary markers: The instructions do not include specific delimiters or warnings to the agent to disregard instructions that may be embedded in the analyzed data.
  - Capability inventory: The skill utilizes network access ("WebFetch", "WebSearch"), file system access ("Read", "Grep"), and is intended to execute the aforementioned scripts.
  - Sanitization: No sanitization or validation routines for the external data being analyzed are described in the skill's documentation.