PromptInjection
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains a high volume of prompt injection, jailbreak, and system prompt extraction payloads (e.g., in
COMPREHENSIVE-ATTACK-TAXONOMY.mdandWorkflows/DirectInjectionTesting.md). These are documented as a library for authorized security research and testing. They do not attempt to maliciously subvert the host agent, but rather provide a reference for testing other target systems.\n- [COMMAND_EXECUTION]: The skill includes a shell script (reconnaissance.sh) and instructions for using CLI tools likecurl,wget,npm, andpip. These are used to implement the reconnaissance methodology (mapping attack surfaces) and to install well-known third-party security scanners such as Promptfoo, Garak, and PyRIT.\n- [DATA_EXFILTRATION]: Every workflow file contains a mandatorycurlcommand targetinghttp://localhost:8888/notifyto provide status notifications. This is a local integration pattern and does not involve exfiltration of sensitive data to external domains.\n- [EXTERNAL_DOWNLOADS]: The skill's reconnaissance methodology (APPLICATION-RECONNAISSANCE-METHODOLOGY.md) describes usingwgetto download JavaScript files and other assets from target web applications for security analysis. This is a standard and expected behavior for web security auditing.\n- [INDIRECT_PROMPT_INJECTION]: The skill utilizes browser automation to ingest and analyze external data (DOM, JS, network logs, and document uploads). This represents a functional requirement for the skill to test for indirect injection vulnerabilities in target applications. The skill acknowledges this attack surface and provides defensive strategies inDefenseMechanisms.md.
Audit Metadata