skills/jeremylongshore/claude-code-plugins-plus-skills/xss-vulnerability-scanner/Gen Agent Trust Hub
xss-vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it is designed to process untrusted external data for vulnerability scanning. 1. Ingestion points: Code snippets or web content provided by users for XSS analysis. 2. Boundary markers: Absent in the skill instructions. 3. Capability inventory: Read, Write, Grep, Bash(npm:*). 4. Sanitization: Not specified in the manifest.
- [Command Execution] (LOW): The skill requests permission for the Bash tool with npm package installation capabilities. While powerful, this is associated with the primary purpose of security scanning.
- [External Downloads] (LOW): The Bash(npm:*) permission allows the agent to download and install arbitrary npm packages at runtime.
- [No Code] (SAFE): No executable scripts or binaries are included within the skill package.
Audit Metadata