Skills
skills/sickn33/antigravity-awesome-skills/burpsuite-project-parser/Gen Agent Trust Hub

burpsuite-project-parser

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external JAR file from an untrusted GitHub repository (github.com/BuffaloWill/burpsuite-project-file-parser). This source is not a verified organization or well-known service.
  • [COMMAND_EXECUTION]: The skill relies on executing a local Bash script (burp-search.sh) that invokes java -jar to run the third-party extension. This execution path processes sensitive project files and could be exploited if the JAR or wrapper script is compromised.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it ingests untrusted HTTP traffic from Burp projects.
  • Ingestion points: Raw HTTP headers and bodies are read from .burp files using the burp-search.sh tool.
  • Boundary markers: Absent. The skill lacks explicit delimiters or instructions to ignore instructions embedded within the traffic.
  • Capability inventory: Uses the Bash tool to execute commands and process file content.
  • Sanitization: Employs jq and head to truncate output and limit total bytes, which reduces but does not eliminate the risk of the agent following instructions found in the traffic.
  • [DATA_EXFILTRATION]: The skill accesses .burp files, which are highly sensitive as they typically contain session cookies, authentication tokens, and internal infrastructure details captured during security audits.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 03:00 AM