burpsuite-project-parser
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local wrapper script to execute Java commands for searching and extracting data from Burp Suite project files.
- [EXTERNAL_DOWNLOADS]: Recommends the manual installation of a third-party Burp Suite extension from a GitHub repository to enable command-line parsing functionality.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface because the agent processes untrusted data (HTTP headers and bodies) from external project files. To manage this, the skill mandates strict output limits, including truncating response bodies to 1000 characters and limiting total output to 50KB using shell utilities like head and jq, to prevent context poisoning.
Audit Metadata