msw
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified where the skill processes untrusted external data and reflects it back into responses.
- Ingestion points: Request handlers in SKILL.md read data from
request.json(),url.searchParams, andcookies. - Boundary markers: No delimiters or warnings are used to prevent the agent from executing instructions that might be embedded in the mocked data.
- Capability inventory: The skill is limited to API mocking and does not include capabilities for arbitrary code execution, file writes, or unexpected network requests.
- Sanitization: Example code interpolates query parameters directly into strings (e.g.,
Result for "${query}") without sanitization, which could lead to instruction injection if the mocked response is subsequently processed by the LLM. - [COMMAND_EXECUTION]: Instructions include standard shell commands for environment setup.
- Evidence: Recommends executing
npm install mswandnpx msw init public/for tool installation and initialization.
Audit Metadata