email-header-injection
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as an expert attack playbook, providing structured knowledge for identifying and testing email-related vulnerabilities such as CRLF injection and SPF/DKIM/DMARC bypasses.
- [SAFE]: All code snippets (PHP, Python, Node.js) are presented as illustrative examples of vulnerable coding practices and are not designed for direct execution by the agent.
- [SAFE]: The payloads provided (e.g., BCC injection, Body injection) are standard security research examples. URLs like 'evil.com' and 'attacker.com' are used as non-functional placeholders common in security documentation.
- [SAFE]: No instances of prompt injection, obfuscation, or persistence mechanisms were found. The metadata accurately reflects the content and purpose of the skill.
Audit Metadata