WebAssessment
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
SKILL.mdfile specifies a mandatory notification procedure that executes acurlcommand to a local listener (http://localhost:8888/notify) whenever a workflow is initiated.\n- [COMMAND_EXECUTION]: The utility scriptWebappScripts/with_server.pyusessubprocess.Popenwithshell=Trueto execute commands provided via CLI arguments for managing local development servers.\n- [EXTERNAL_DOWNLOADS]: The skill provides instructions and automation to download established open-source security tools (Sherlock, SpiderFoot, Osintgram) and community-maintained bug bounty data (fromarkadiyt/bounty-targets-data) from GitHub.\n- [PROMPT_INJECTION]: TheWorkflows/VulnerabilityAnalysisGemini3.mdworkflow ingests untrusted data from external security scanners and interpolates it into prompts for analysis by an LLM, creating an indirect prompt injection attack surface.\n - Ingestion points: External scan outputs from tools like Nmap, FFUF, and Nuclei consolidated into
consolidated-findings.md.\n - Boundary markers: Uses Markdown headers to structure the findings before analysis.\n
- Capability inventory: Access to local command execution (
bun,python) and local network operations via notification triggers.\n - Sanitization: No specific sanitization or filtering logic is documented for the ingested tool outputs before their inclusion in prompts.
Audit Metadata