hunt-auth-bypass
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides multiple `curl` commands and shell snippets for auditing various authentication endpoints (such as `/xmlrpc.php`, `/_vti_bin/Authentication.asmx`, and `/bff/user`) and testing for authentication bypasses or rate-limiting issues.
- [EXTERNAL_DOWNLOADS]: Contains numerous references and links to security research reports, vulnerability advisories, and technical blog posts hosted on well-known platforms including GitHub, HackerOne, and ProjectDiscovery.
- [SAFE]: Includes transparent Python code snippets for security token manipulation (SAML and JWT) using standard libraries such as `base64`, `json`, and `re`. These scripts are intended for local data transformation and are consistent with the skill's primary purpose of vulnerability research.
- [SAFE]: The use of example credentials (e.g., "admin/password1") and placeholder values for testing is consistent with the skill's role as a security testing guide and does not involve the exposure of real sensitive information.
Audit Metadata