validating-cors-policies
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate security tool for analyzing CORS policies.
- [PROMPT_INJECTION]: Indirect Prompt Injection Analysis:
- Ingestion points: The skill utilizes the
WebFetchtool to retrieve headers and bodies from remote HTTP endpoints and theGreptool to read codebase content inSKILL.md. - Boundary markers: Not explicitly defined in the instructions for tool output processing.
- Capability inventory: The agent is restricted to
Read,WebFetch,WebSearch, andGrepas per theallowed-toolsconfiguration. It does not have access to dangerous capabilities like arbitrary command execution or file system write access. - Sanitization: No specific sanitization or filtering logic is provided for the ingested data.
- Risk Assessment: While the skill processes untrusted data (external web responses and local source code), the lack of high-risk capabilities and the specialized nature of the task (security auditing) make the inherent surface for indirect prompt injection a low-impact concern.
Audit Metadata