ffuf-web-fuzzing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill follows security best practices for documentation and utility scripts. Analysis across all 10 threat categories revealed no malicious patterns, prompt injections, or obfuscated code.\n- [EXTERNAL_DOWNLOADS] (SAFE): The skill suggests downloading the SecLists wordlist collection from its official GitHub repository. This is a legitimate and widely recognized resource for the intended use case.\n- [CREDENTIALS_UNSAFE] (SAFE): While the templates include hardcoded authorization headers (e.g., JWT and Basic Auth), these are generic placeholders provided by jwt.io or standard documentation examples (admin:password123) and do not represent sensitive user information.\n- [COMMAND_EXECUTION] (SAFE): The ffuf_helper.py script facilitates local JSON parsing and text file generation. It does not invoke system shells or execute untrusted code.
Audit Metadata