validating-csrf-protection
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill operates on untrusted external data by scanning and analyzing application codebases for security vulnerabilities. While this presents an inherent attack surface for indirect prompt injection, it is the primary purpose of the skill as a security tool.
- Ingestion points: Analyzes source code files including HTML templates, JavaScript route handlers, and framework configuration files located in
${CLAUDE_SKILL_DIR}/. - Boundary markers: No explicit instructions are provided for the agent to use boundary markers or delimiters when ingesting data from external files.
- Capability inventory: The skill utilizes
Read,Write,Grep,Glob, andBashtools to perform its analysis. - Sanitization: There are no explicit instructions for the sanitization of external content before processing.
- [COMMAND_EXECUTION]: The skill uses scoped shell utilities and grep for codebase scanning. The implementation in
scripts/csrf_test.sh(which contains Python code despite the.shextension) is a benign template for processing local files and JSON data, posing no security risk.
Audit Metadata