html-injection-testing
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill contains working templates for stealing user credentials via phishing forms and exfiltrating session cookies using CSS injection techniques targeting external domains.
- [COMMAND_EXECUTION]: Includes a Python script and multiple curl command templates specifically designed to deliver malicious payloads to remote servers and analyze their responses.
- [PROMPT_INJECTION]: The workflow and core purpose of the skill direct the agent to engage in harmful activities, such as defacing websites and constructing credential-theft forms, which could be used to bypass standard safety guidelines.
- [PROMPT_INJECTION]: The provided Python script for automated testing creates an indirect prompt injection surface:
  1. Ingestion points: untrusted web content is read into the 'response.text' variable.
  2. Boundary markers: no delimiters or ignore-instruction warnings are present to isolate the web data.
  3. Capability inventory: the script performs arbitrary network GET requests.
  4. Sanitization: no filtering or escaping is applied to the ingested content before it is processed.
Recommendations
- AI detected serious security threats
Audit Metadata