api-tracer
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE DATA_EXFILTRATION COMMAND_EXECUTION
Full Analysis
- [DATA_EXPOSURE]: The skill captures and logs sensitive network information, including Authorization headers and browser cookies, as part of its core API tracing functionality. This data is persisted to the system's temporary directory within session files.
- [COMMAND_EXECUTION]: The tool manages a background daemon process using child_process.spawn to facilitate continuous network monitoring without blocking the main agent session.
- [DYNAMIC_EXECUTION]: The report function generates shell commands (curl) that incorporate untrusted network data, such as URLs and header values, without proper shell escaping. This presents a potential command injection risk if the generated output is directly executed in a terminal.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. The skill records data for local analysis and report generation, requiring manual action to move or share the captured information.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted data from network responses and interpolates it into reports without sanitization or explicit boundary markers.
  - Ingestion points: Captured via CDP Network.loadingFinished and Network.getResponseBody in lib/recorder.js.
  - Boundary markers: Absent in report templates within lib/reporter.js.
  - Capability inventory: File system writes for session storage and spawn for daemon management.
  - Sanitization: No validation or escaping is applied to network data before it is included in the Markdown or cURL reports.
Audit Metadata