har-extraction
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses npx to execute 'har-to-mocks' and 'mocks-to-msw'. These packages are not from trusted organizations, presenting a risk of execution of unverified code.
- [PROMPT_INJECTION] (HIGH): High attack surface for indirect prompt injection via untrusted data processing. 1. Ingestion points: 'recording.har' and 'network.har' files. 2. Boundary markers: Absent. 3. Capability inventory: npx command execution, file writing, and configuration modification. 4. Sanitization: None; the tool directly transforms HAR content into executable mock handlers.
- [CREDENTIALS_UNSAFE] (HIGH): HAR files (HTTP Archives) inherently capture sensitive data including 'Authorization' headers, session cookies, and PII. This skill encourages converting these recordings into persistent mock files, which creates a high risk of committing production secrets to version control.
Recommendations
- AI detected serious security threats
Audit Metadata