business-logic-attack
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a methodology document intended for educational and manual testing purposes. It contains structured advice on where to look for logic flaws (e.g., payment parameters, coupon validation, SMS verification) but does not provide any automation or scripts to execute these tests.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, external script downloads, or package installations were found.
- [DATA_EXFILTRATION]: There are no network operations or commands that access sensitive local files or exfiltrate data.
- [PROMPT_INJECTION]: The instructions focus on web application vulnerabilities and do not attempt to override the AI agent's system prompt or bypass its safety guardrails.
- [COMMAND_EXECUTION]: The skill does not contain any shell commands or subprocess calls. The HTTP request examples are provided as plain text documentation for manual analysis.
Audit Metadata