ffuf-web-fuzzing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- PROMPT_INJECTION (LOW): The script 'ffuf_helper.py' (analyze_results) ingests data from external fuzzing results, creating a surface for indirect prompt injection.
  - Ingestion points: 'ffuf_helper.py' (reads 'json_file').
  - Boundary markers: Absent.
  - Capability inventory: Analyzes and prints data; no dangerous capabilities identified.
  - Sanitization: No sanitization of ingested URLs or metadata.
- EXTERNAL_DOWNLOADS (LOW): 'resources/WORDLISTS.md' references 'https://github.com/danielmiessler/SecLists.git' for downloading tools. This repository is not on the Trusted External Sources list.
- CREDENTIALS_UNSAFE (SAFE): 'resources/REQUEST_TEMPLATES.md' contains hardcoded example credentials (JWT, Basic Auth, API keys) identified as dummy data for templates and instructional use.
Audit Metadata