http-debugger
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with a Smello API server, typically running on localhost:5110, to fetch captured HTTP requests and responses. Evidence: curl -s http://localhost:5110/api/requests (SKILL.md).
- [COMMAND_EXECUTION]: Uses the curl tool to perform HTTP operations (GET, DELETE) against the local Smello server to manage and inspect traffic data. Evidence: curl -s -X DELETE http://localhost:5110/api/requests (SKILL.md).
- [REMOTE_CODE_EXECUTION]: Automated scanners flagged commands piping curl output to python. However, the skill specifically uses 'python -m json.tool', which is a standard library utility for formatting JSON and does not execute the input as code. Evidence: curl -s http://localhost:5110/api/requests | python -m json.tool (SKILL.md).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and summarizes untrusted data from captured HTTP traffic (headers and bodies). 1. Ingestion points: Data enters the context via curl calls to the Smello API. 2. Boundary markers: The instructions do not define specific delimiters for the captured traffic data. 3. Capability inventory: The skill has access to Bash(curl *), allowing it to make further network requests or delete data based on processed instructions. 4. Sanitization: There is no explicit sanitization or filtering of the captured traffic before the agent processes it.
Audit Metadata