skills/mukul975/anthropic-cybersecurity-skills/performing-clickjacking-attack-test/Gen Agent Trust Hub
performing-clickjacking-attack-test
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/agent.py' performs local file system operations by writing a proof-of-concept HTML file ('clickjacking_poc.html') to demonstrate vulnerability impact.
- [EXTERNAL_DOWNLOADS]: The skill uses the 'requests' Python library to fetch content from external URLs to analyze security headers and detect frame-busting JavaScript patterns.
- [COMMAND_EXECUTION]: The documentation provides instructions to execute shell commands (curl) and use the Python 'http.server' module for local testing of generated PoC files.
- [PROMPT_INJECTION]: The skill ingests untrusted data from target URLs in 'scripts/agent.py' without implementing explicit boundary markers or input sanitization before generating HTML output. While this creates a surface for indirect prompt injection, it is considered low risk given the tool's intended use-case and local execution environment.
Audit Metadata