webfuzzer-hotpatch

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The scripts implement standard security testing functionalities, including AES (CBC/GCM), RSA (OAEP), and HMAC-SHA256/SM3 algorithms for handling encrypted or signed web traffic.
  • [SAFE]: No sensitive data exfiltration or credential harvesting was detected. The keys and secrets used in the examples are explicitly labeled as placeholders or demo values (e.g., 'demo-app-secret', '12341234...').
  • [SAFE]: The skill uses established Yakit internal libraries (codec, poc, str, json) and does not attempt to download or execute external, untrusted code or packages.
  • [SAFE]: Data processing logic (such as parameter extraction in mirror-http-flow.yak or failure checking in custom-failure-checker.yak) is consistent with the intended purpose of automating security assessments.
  • [SAFE]: No evidence of prompt injection, obfuscation, or persistence mechanisms was found in the scripts or documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:14 PM
Security Audit — agent-trust-hub — webfuzzer-hotpatch