global-hotpatch

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted HTTP request and response data.
  • Ingestion points: Untrusted data enters the execution context through variables like req, rsp, and flow.Response in various hook functions across all example scripts (e.g., examples/advanced-challenge-sign.yak, examples/advanced-sm4-transparent.yak).
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious content within the processed HTTP traffic.
  • Capability inventory: The scripts possess the capability to modify HTTP packets, perform secondary network requests using poc.HTTP, and update the flow database using modify(flow).
  • Sanitization: The scripts perform little to no sanitization or validation of the ingested data beyond basic parsing (e.g., json.loads).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:14 PM
Security Audit — agent-trust-hub — global-hotpatch