skills/mukul975/anthropic-cybersecurity-skills/testing-api-authentication-weaknesses/Gen Agent Trust Hub
testing-api-authentication-weaknesses
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network operations using the requests library to communicate with user-provided base_url targets in scripts/agent.py and writes scan results locally to ./api_auth_test/api_auth_report.json.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
- Ingestion points: External API response text is retrieved via requests.get() and requests.post() in scripts/agent.py.
- Boundary markers: Absent; the script does not use delimiters or warnings to separate external data from instructions.
- Capability inventory: The skill can perform network requests and write to the local file system.
- Sanitization: Absent; API response content is printed and saved without escaping or validation.
Audit Metadata