pentest-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze untrusted data from external web environments, creating a vulnerability surface.
- Ingestion points: Browser requests, WebSocket messages, and cookie values are intercepted by scripts like
xhr-hook.jsandcookie-hook.js. - Boundary markers: Absent; the skill does not implement delimiters to distinguish between its instructions and the data being analyzed.
- Capability inventory: The scripts allow for monitoring and modification of browser APIs (eval, Function, XHR) and logging data to the console.
- Sanitization: None; raw data from external sources is processed and logged directly.
- Category 10: Dynamic Execution (SAFE): In
scripts/debugger-hook.js, the skill hookswindow.evaland theFunctionconstructor. While these are dangerous functions, they are used here specifically to neutralize anti-debugging techniques by stripping 'debugger' statements, which aligns with the skill's stated purpose for security research. - Category 2: Data Exposure (SAFE): The skill intercepts sensitive data including cookies and headers. However, the data is only output to the local browser console for the researcher and lacks any patterns suggesting external exfiltration.
Audit Metadata