security-burpsuite-project-parser

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external Burp Suite XML data, creating an indirect prompt injection surface. Ingestion points: XML parsing of 'burp_export.xml' via ET.parse and xmllint in SKILL.md. Boundary markers: absent; no delimiters separate untrusted data from agent context. Capability inventory: subprocess execution of python3 and xmllint in SKILL.md. Sanitization: uses the standard ElementTree library, which is vulnerable to certain XML-based attacks such as Billion Laughs.
  • [COMMAND_EXECUTION]: Employs shell commands and inline Python execution to parse local XML files, which represents a significant capability if the inputs were maliciously controlled.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 09:53 AM