skills/mukul975/anthropic-cybersecurity-skills/intercepting-mobile-traffic-with-burpsuite/Gen Agent Trust Hub
intercepting-mobile-traffic-with-burpsuite
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for authorized mobile application security assessments and follows industry-standard testing methodologies. No malicious patterns were detected in the provided scripts or documentation.
- [COMMAND_EXECUTION]: The provided documentation includes manual command-line instructions for the user to configure tools like Burp Suite, adb, and Frida. These are intended for user-driven setup and testing; the included Python scripts do not perform any automated or hidden command execution.
- [DATA_EXFILTRATION]: Analysis is performed locally on user-provided export files (HAR or Burp XML). The scripts do not include network functionality, external dependencies, or mechanisms to exfiltrate data.
- [PROMPT_INJECTION]: The scripts process untrusted traffic data (HAR/XML files) for security analysis. While this presents an ingestion surface for potentially malicious data, the lack of dangerous capabilities in the scripts prevents exploitation.
- Ingestion points: scripts/agent.py (loads HAR files via json.load) and scripts/process.py (parses Burp XML exports via xml.etree.ElementTree).
- Boundary markers: None present in the parsing scripts.
- Capability inventory: Script capabilities are strictly limited to local file reading, regex matching, and generating local JSON report files. No network, subprocess, or dynamic code execution capabilities exist.
- Sanitization: None; the scripts are intended to perform diagnostic analysis on the raw input content.
Audit Metadata