WebAssessment

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file specifies a mandatory notification procedure that executes a curl command to a local listener (http://localhost:8888/notify) whenever a workflow is initiated.\n- [COMMAND_EXECUTION]: The utility script WebappScripts/with_server.py uses subprocess.Popen with shell=True to execute commands provided via CLI arguments for managing local development servers.\n- [EXTERNAL_DOWNLOADS]: The skill provides instructions and automation to download established open-source security tools (Sherlock, SpiderFoot, Osintgram) and community-maintained bug bounty data (from arkadiyt/bounty-targets-data) from GitHub.\n- [PROMPT_INJECTION]: The Workflows/VulnerabilityAnalysisGemini3.md workflow ingests untrusted data from external security scanners and interpolates it into prompts for analysis by an LLM, creating an indirect prompt injection attack surface.\n
  • Ingestion points: External scan outputs from tools like Nmap, FFUF, and Nuclei consolidated into consolidated-findings.md.\n
  • Boundary markers: Uses Markdown headers to structure the findings before analysis.\n
  • Capability inventory: Access to local command execution (bun, python) and local network operations via notification triggers.\n
  • Sanitization: No specific sanitization or filtering logic is documented for the ingested tool outputs before their inclusion in prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — WebAssessment