ffuf-web-fuzzing
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the processing and analysis of data retrieved from external web servers during fuzzing operations, creating an indirect prompt injection surface where malicious instructions from a target could influence the agent.
  - Ingestion points: The ffuf_helper.py script reads JSON output containing raw response data from external targets.
  - Boundary markers: The skill does not define specific delimiters to isolate untrusted content during agent analysis.
  - Capability inventory: The agent is tasked with interpreting results and identifying vulnerabilities, which requires processing data from untrusted sources.
  - Sanitization: Untrusted data is extracted from JSON files and presented without filtering for embedded instructions.
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions for users to install ffuf from its official Go repository and to download wordlists from the well-known SecLists repository on GitHub.