xss-detection
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users on how to install established security tools: 'dalfox' via Go, and 'XSStrike' and 'bleach' via Python. These are well-known tools in the security community used for vulnerability research and remediation.
- [COMMAND_EXECUTION]: Contains command-line examples for running 'dalfox' and 'XSStrike'. These commands are intended for security auditing of target web applications as described in the skill's primary purpose.
- [PROMPT_INJECTION]: Lists various XSS payloads and filter bypass techniques (e.g., script tags, event handlers, and encoding tricks). These are provided for legitimate penetration testing and educational purposes to verify vulnerability findings.
- [DATA_EXFILTRATION]: Uses educational examples involving 'document.cookie' and placeholder malicious domains (e.g., 'evil.com') to demonstrate how XSS can be used for data theft, serving as a warning and justification for remediation.