webfuzzer-hotpatch
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The scripts implement standard security testing functionalities, including AES (CBC/GCM), RSA (OAEP), and HMAC-SHA256/SM3 algorithms for handling encrypted or signed web traffic.
- [SAFE]: No sensitive data exfiltration or credential harvesting was detected. The keys and secrets used in the examples are explicitly labeled as placeholders or demo values (e.g., 'demo-app-secret', '12341234...').
- [SAFE]: The skill uses established Yakit internal libraries (
codec,poc,str,json) and does not attempt to download or execute external, untrusted code or packages. - [SAFE]: Data processing logic (such as parameter extraction in
mirror-http-flow.yakor failure checking incustom-failure-checker.yak) is consistent with the intended purpose of automating security assessments. - [SAFE]: No evidence of prompt injection, obfuscation, or persistence mechanisms was found in the scripts or documentation.
Audit Metadata