burp-suite-testing
Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay, automated vulnerability scanning, and manual testing workflows.
56
47%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/burp-suite-testing/SKILL.mdSecurity
2 findings — 1 critical severity, 1 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 0.90). Detailed Burp Suite workflow that explicitly teaches traffic interception/modification, credential capture, price manipulation, SQL injection, automated brute‑force and scanning techniques—highly enabling for misuse (fraud, credential theft, unauthorized access) though it contains no hidden backdoors, covert exfiltration endpoints, obfuscated payloads, or remote‑execution backdoor code.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill's Core Workflow (Phase 1 "Launch Burp's Browser" and related steps like "Navigate to target URL", "Proxy > HTTP history", and "Analyze Responses") explicitly instructs the agent to fetch and inspect arbitrary target web application pages and HTTP responses, meaning untrusted third-party content is read and used to drive testing and subsequent actions.
- Repository
- sickn33/antigravity-awesome-skills
- Commit
e18e63c
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.