skills/jeremylongshore/claude-code-plugins-plus-skills/scanning-for-xss-vulnerabilities/Gen Agent Trust Hub
scanning-for-xss-vulnerabilities
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavioral patterns or suspicious command executions were found in the scripts or the skill configuration.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection because it is designed to ingest and analyze untrusted external content (code files and web responses).
- Ingestion points: The scripts read local files, and the skill configuration allows the use of the
WebFetchtool to retrieve external web content. - Boundary markers: The instructions do not specify any delimiters or safety guardrails to separate the content being scanned from the agent's internal instructions.
- Capability inventory: The skill has access to
Read,WebFetch,WebSearch, andGreptools. - Sanitization: There is no evidence of input validation or sanitization in the provided Python templates.
Audit Metadata