testing-for-open-redirect-vulnerabilities
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation in SKILL.md provides various shell commands for utilizing auditing tools like curl, gf, nuclei, and ffuf to probe for vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill references and encourages the installation of third-party security utilities such as OpenRedireX, nuclei, and ffuf to enhance testing capabilities.
- [DATA_EXFILTRATION]: The agent.py script uses the requests library to perform network operations. It sends HTTP GET requests to external domains specified by the user to verify if redirection parameters are exploitable.
- [PROMPT_INJECTION]: The agent.py script possesses an attack surface for indirect prompt injection as it processes untrusted data from external HTTP responses.
  - Ingestion points: The script reads the Location header (line 80) and the response body (line 107) from external servers.
  - Boundary markers: None implemented; the script uses direct string comparisons and substring checks on raw response data.
  - Capability inventory: The script has network access capabilities via requests.get to arbitrary URLs.
  - Sanitization: Outgoing URL parameters are escaped using urllib.parse.quote, but incoming response data is evaluated without sanitization.
Audit Metadata