Skills
skills/wgpsec/aboutsecurity/http-smuggling-advanced/Gen Agent Trust Hub

http-smuggling-advanced

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains Python code snippets that utilize the socket, ssl, and time modules to perform low-level network operations. These scripts are designed to measure server response times and detect HTTP desynchronization by interacting with remote hosts.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to download and install specialized security tools from GitHub, such as smuggler and h2csmuggler, and the h2 Python library for HTTP/2 frame manipulation.
  • [DATA_EXFILTRATION]: The skill describes methodologies for exfiltrating sensitive user data (such as cookies or tokens) from target systems via request smuggling. These techniques are presented as technical guidance for security research and do not involve exfiltration from the agent's local environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 10:08 AM