testing-cors-misconfiguration
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Includes a Python script (`scripts/agent.py`) and `curl` command templates intended for auditing the security headers of user-specified target applications.
- [EXTERNAL_DOWNLOADS]: The documentation references third-party security tools like `CORScanner` and `cors-scanner` as recommended resources for vulnerability detection.
- [DATA_EXFILTRATION]: Provides HTML/JavaScript proof-of-concept templates demonstrating how CORS vulnerabilities can be leveraged to exfiltrate data to external collector domains. These examples are clearly documentation-oriented and intended for security testing validation.
Audit Metadata