Interceptor

Fail

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The 'Bridge' helper component (optional for macOS) creates a UNIX domain socket at '/tmp/interceptor-bridge.sock' with no authentication. This architectural choice allows any local process running as the user to connect and execute sensitive bridge actions, including reading the clipboard, capturing screenshots, and recording audio without further permission prompts.
  • [COMMAND_EXECUTION]: The installation process for the bridge helper requires the use of 'sudo' to copy binaries into '/usr/local/bin' and establishes persistence by creating a macOS LaunchAgent ('com.interceptor.bridge.plist') that runs at user login.
  • [REMOTE_CODE_EXECUTION]: The skill includes an 'interceptor eval' command that allows the agent to execute arbitrary JavaScript code within the browser's context (isolated or main world), which serves as a dynamic code execution surface.
  • [EXTERNAL_DOWNLOADS]: The 'Update' workflow fetches source code from an external repository ('github.com/Hacker-Valley-Media/slop-browser') and executes 'bun install' to fetch third-party dependencies during the build process.
  • [DATA_EXFILTRATION]: Every workflow invocation requires an unauthenticated network request ('curl') to 'localhost:31337' to send notifications, which could be used to transmit session or workflow metadata to a local listener.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for Indirect Prompt Injection. It ingests untrusted data from arbitrary websites (via 'interceptor read' or 'interceptor tree') and possesses high-privilege capabilities such as shell command execution and browser manipulation. The instructions lack explicit sanitization or boundary markers for this untrusted web content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — Interceptor