websocket-attack
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a reference guide for security professionals to evaluate WebSocket implementations. All provided examples are instructional.
- [COMMAND_EXECUTION]: Contains example payloads for command injection (e.g.,
cat /flag.txt) and SQL injection. These are clearly marked as testing payloads for security research and are not executed by the skill itself. - [DATA_EXFILTRATION]: Includes code snippets demonstrating how data might be exfiltrated to a hypothetical attacker-controlled server (
evil.com) to illustrate the impact of Cross-Site WebSocket Hijacking (CSWSH). - [EXTERNAL_DOWNLOADS]: References to external domains like
evil.comare used as placeholders in example code and do not represent actual remote code execution or unauthorized downloads by the agent.
Audit Metadata