client-side
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a comprehensive reference for web security testing. All code snippets, payloads, and command-line examples are provided for educational purposes and manual security research.
- [REMOTE_CODE_EXECUTION]: Documentation in reference/prototype-pollution-cheat-sheet.md includes strings representing reverse shell commands. These are clearly marked as research examples and are not executed by the skill.
- [COMMAND_EXECUTION]: Several files provide example curl and python one-liners for checking security headers or testing for vulnerabilities. These are intended for manual execution by the security researcher.
- [DATA_EXFILTRATION]: Payload examples throughout the reference files demonstrate how data can be exfiltrated via fetch() or XMLHttpRequest to educational domains (e.g., attacker.com). These are contextually appropriate for a pentesting reference skill.
Audit Metadata