ngrok
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the ngrok CLI to establish network tunnels and manage service exposure.
- [EXTERNAL_DOWNLOADS]: The skill references installation of the ngrok CLI via well-known and trusted package managers (Homebrew, Snap) and the official ngrok website.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by allowing external data (e.g., HTTP request bodies or webhook payloads) to be ingested via network tunnels.
  - Ingestion points: Incoming traffic through established ngrok tunnels and the local request inspector at localhost:4040 (SKILL.md).
  - Boundary markers: None provided for the data payload itself; the skill relies on the user to implement protocol-specific security.
  - Capability inventory: Execution of ngrok CLI commands (SKILL.md).
  - Sanitization: Not directly addressed for payload content, though the skill provides instructions for using signature verification flags like --verify-webhook.