API Fuzzing for Bug Bounty

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • SAFE (SAFE): No malicious behavior detected. The skill's content is consistent with its stated purpose of providing educational and technical resources for API penetration testing.
  • Indirect Prompt Injection (LOW): The skill identifies a surface for indirect prompt injection because it instructs the agent to process untrusted external data such as Swagger/OpenAPI documentation and API responses. However, this is inherent to the primary function of an API security tool and no malicious instructions for the agent were found.
      • Ingestion points: swagger.json, openapi.json, and live API responses.
      • Boundary markers: None identified.
      • Capability inventory: Execution of python3 for processing files and kr (Kiterunner) for network reconnaissance.
      • Sanitization: Not specified. Per the security analysis rules, the severity for this use-case is considered SAFE.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:37 PM