performing-security-headers-audit

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for security auditing and performs network operations specifically to retrieve and analyze HTTP headers from target URLs provided by the user. It follows best practices by truncating sensitive cookie values in the output.
  • [PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection because it processes data (HTTP headers and HTML links) from external web servers during its audit workflow.
      • Ingestion points: Response headers and HTML content (for mixed content checks) from user-specified URLs (SKILL.md, scripts/agent.py).
      • Boundary markers: None present to delimit untrusted header data from the agent's internal instructions.
      • Capability inventory: Network requests using curl and the Python requests library; no file system writes or arbitrary command execution was detected.
      • Sanitization: The Python agent prepends protocols if missing but does not sanitize or escape header values before analysis.
  • [DATA_EXFILTRATION]: The skill performs network operations to fetch headers from target URLs provided at runtime. While these targets are not restricted to a whitelist, the operations are limited to HTTP GET requests for retrieval purposes and do not transmit local secrets or sensitive environment data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 12:59 PM