validating-csrf-protection

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill is designed for security professionals to audit CSRF protection mechanisms. All instructions and examples provided in SKILL.md align with legitimate security assessment practices, such as verifying synchronizer tokens and SameSite cookie attributes.
  • [SAFE]: The provided script scripts/csrf_test.sh, while having a .sh extension, contains benign Python code that processes local files and directories to check for existence and file size. It performs no network operations or sensitive data access.
  • [COMMAND_EXECUTION]: The skill utilizes allowed-tools including Grep, Glob, and Bash to perform static analysis of the codebase. These tools are used appropriately to inventory state-changing endpoints (POST, PUT, DELETE) and verify configuration files, which is consistent with the skill's primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 03:28 PM