http2-specific-attacks
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute the h2csmuggler utility from BishopFox's public GitHub repository for testing protocol upgrade vulnerabilities.
- [COMMAND_EXECUTION]: Includes various command-line examples for scanning targets and performing protocol-level tests using curl and custom Python scripts.
- [DYNAMIC_EXECUTION]: Contains a Python code template using the h2 library to craft and transmit raw binary frames, enabling simultaneous request processing for race condition testing.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill accepts target URLs and hostnames from user input (e.g., target.com).
  - Boundary markers: No explicit delimiters are used to separate user-provided target data from the command structure.
  - Capability inventory: The skill utilizes network capabilities via curl, socket, and the h2csmuggler tool.
  - Sanitization: Input validation or escaping for the target parameters is not explicitly defined in the snippets.
Audit Metadata