xss-html-injection

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides multiple functional payloads designed to exfiltrate sensitive browser session cookies and local storage contents to external attacker-controlled domains via fetch and location redirects.
  • [DATA_EXFILTRATION]: Functional keylogger implementations are included that capture user keystrokes in real-time and send the data to a remote server using dynamically generated image requests.
  • [DATA_EXFILTRATION]: The instructions provide HTML templates for injecting fraudulent login forms (phishing) to capture and exfiltrate user credentials to a remote server.
  • [DATA_EXFILTRATION]: The skill demonstrates various obfuscation techniques, including Base64 (atob), character entities (hex/decimal), and Unicode escapes, specifically used to hide malicious payload intent and bypass security filters like Web Application Firewalls (WAF).
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 29, 2026, 03:31 PM