cache-poisoning-smuggling
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a documentation and evaluation resource for offensive security testing. It provides methodology for identifying HTTP desynchronization (CL.TE, TE.CL, TE.TE) and unkeyed header exploitation.
- [SAFE]: No automated execution of the described attacks is present. The skill documentation includes static examples of HTTP requests using standard placeholders like 'evil.com' and 'SMUGGLED'.
- [SAFE]: The 'http_request' tool mentioned in the documentation is used for legitimate vulnerability detection purposes (checking cache headers) and does not point to malicious external domains or sensitive local files.
- [SAFE]: Metadata and evaluation files correctly align with the stated purpose of the skill, and no hidden or obfuscated content was detected across the SKILL.md or JSON files.
Audit Metadata