fuzzer
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Employs shell commands to locate the AFL++ toolchain and manage the fuzzing lifecycle, including building instrumented binaries (SKILL.md).
- [EXTERNAL_DOWNLOADS]: Recommends installing the AFL++ framework from well-known system package repositories using brew or apt-get (SKILL.md).
- [REMOTE_CODE_EXECUTION]: Facilitates the generation and compilation of new source code for fuzzer harnesses at runtime to test identified code paths (SKILL.md).
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where the skill ingests and reports on untrusted data from fuzzer crash dumps.
  - Ingestion points: Crash files located in findings/default/crashes/ (SKILL.md).
  - Boundary markers: No delimiters or instructions are used to separate crash data from agent instructions.
  - Capability inventory: Subprocess calls for compilation and binary execution (SKILL.md).
  - Sanitization: No input validation is performed on the raw crash output before it is processed for reporting.
Audit Metadata