global-hotpatch
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted HTTP request and response data.
  - Ingestion points: Untrusted data enters the execution context through variables like `req`, `rsp`, and `flow.Response` in various hook functions across all example scripts (e.g., `examples/advanced-challenge-sign.yak`, `examples/advanced-sm4-transparent.yak`).
  - Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious content within the processed HTTP traffic.
  - Capability inventory: The scripts possess the capability to modify HTTP packets, perform secondary network requests using `poc.HTTP`, and update the flow database using `modify(flow)`.
  - Sanitization: The scripts perform little to no sanitization or validation of the ingested data beyond basic parsing (e.g., `json.loads`).
Audit Metadata