charles-proxy-extract
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted network log data and outputs it to the agent, creating a surface for indirect instructions. \n
- Ingestion points:
extract_responses.py(line 42) reads data from user-provided files usingjson.load(). \n - Boundary markers: Absent. The script prints extracted text without delimiters or instructions to ignore embedded content. \n
- Capability inventory: Limited to local file operations; no internal network or shell execution capabilities. \n
- Sanitization: Content is extracted and displayed raw without sanitization or escaping.
Audit Metadata