secure-headers-csp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill includes code to send metrics to AWS CloudWatch via the putMetricData call. While this is a standard monitoring practice, the destination domain is not included in the predefined whitelist for network operations.
- [Indirect Prompt Injection] (INFO): The CSP reporting endpoint creates an ingestion surface for untrusted external data. Evidence: (1) Ingestion point: routes/csp-report.ts via the /api/csp-report POST endpoint; (2) Boundary markers: Absent; (3) Capability: The data is used for console logging and CloudWatch metric submission; (4) Sanitization: The implementation uses property-based extraction from the request body but lacks formal input validation or escaping.
Audit Metadata