hunt-grpc
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the 'rapidresetclient' source code from a third-party, non-vendor GitHub repository (github.com/secengjeff/rapidresetclient) to facilitate testing for the HTTP/2 Rapid Reset vulnerability.
- [REMOTE_CODE_EXECUTION]: Instructs the agent to compile the downloaded Go source code using 'go build' as part of the tool setup process in Phase 7.
- [COMMAND_EXECUTION]: Installs the 'grpcurl' utility, a standard tool for gRPC interaction, via system and language package managers like 'brew' and 'go install'.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from external gRPC servers (such as reflection catalogs and service descriptors) which are then used to drive subsequent shell commands and loops.
- Ingestion points: Data enters the context through 'grpcurl list' and 'describe' outputs, as well as metadata found via GitHub code searches in SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing the output of gRPC service enumerations.
- Capability inventory: The skill utilizes subprocess calls to 'nmap', 'curl', 'grpcurl', 'protoc', and 'go' across multiple scripts.
- Sanitization: There is no evidence of input validation or escaping for the external server responses before they are interpolated into follow-up commands or stored in files.
Audit Metadata