backend-inferencer

The Backend Inferencer skill presents a coherent capability set for inferring backend technologies from HTTP headers, cookies, DNS, repository data, and HTML signals. The data flow is reasonable and aligned with the stated purpose. However, there is a notable data exposure risk: outputting raw cookie values (e.g., connect.sid) through the results can leak sensitive session information to end-users or logs. This elevates the risk profile to Suspicious rather than Benign. To align with safe practice, outputs should redact or mask sensitive signals (cookies, auth tokens) and implement access controls for the generated report. Otherwise, the tool’s inference logic is sound, and the risk is mainly due to data handling in sinks.