skills/mukul975/anthropic-cybersecurity-skills/exploiting-excessive-data-exposure-in-api/Gen Agent Trust Hub
exploiting-excessive-data-exposure-in-api
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a standalone Python script (
scripts/agent.py) and code snippets inSKILL.mdthat execute network requests and process JSON data for security analysis. - [EXTERNAL_DOWNLOADS]: The skill uses the
requestslibrary to fetch content from target API endpoints specified by the user during testing. - [CREDENTIALS_UNSAFE]: The
scripts/agent.pyscript explicitly disables SSL certificate verification (verify=False) when making HTTP requests. This is a common practice in penetration testing to support self-signed certificates in lab environments, but it can expose the connection to man-in-the-middle attacks if used in an insecure network context.
Audit Metadata