idor-methodology
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a security testing methodology and contains no malicious instructions or suspicious code patterns.
- [COMMAND_EXECUTION]: The skill provides templates for Python and Bash scripts that use
curland therequestslibrary to perform automated vulnerability detection against target endpoints. - [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by instructing the agent to process untrusted data from target API responses. 1. Ingestion points: API response bodies and headers processed during discovery phases (SKILL.md, references/idor-advanced-patterns.md). 2. Boundary markers: The methodology does not specify the use of delimiters or ignore-instructions for external data. 3. Capability inventory: The agent uses network request tools and may generate scripts using
create_script. 4. Sanitization: The methodology does not provide logic for sanitizing or escaping the data retrieved from external API endpoints.
Audit Metadata