Files
trebuchet/prompts/pipeline-testing/vuln-injection.txt
T

58 lines
1.8 KiB
Plaintext

## 🧪 Pipeline Testing: MCP Isolation Test for Injection Agent
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
```
{{MCP_SERVER}}__browser_navigate to https://example.com
```
2. Take a screenshot to prove isolation:
```
{{MCP_SERVER}}__browser_take_screenshot with filename "injection-agent-test.png"
```
3. Log the test results:
```
console.log("🔴 INJECTION AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
```
### Step 2: Create Required Deliverables
Use the save_deliverable script to create both deliverables:
**1. Analysis Report:**
```bash
node save_deliverable.js INJECTION_ANALYSIS '# Injection Analysis Complete (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
**Screenshot:** injection-agent-test.png
**Status:** Browser isolation test successful'
```
**2. Exploitation Queue:**
```bash
node save_deliverable.js INJECTION_QUEUE '{
"vulnerabilities": [
{
"ID": "INJ-VULN-01",
"verdict": "vulnerable",
"confidence": "high",
"notes": "Test vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
"vulnerability_type": "SQLi",
"source": "query parameter at app.js:15",
"path": "controller → db.query",
"sink_call": "db.query at app.js:20",
"slot_type": "SQL-val",
"mismatch_reason": "User input directly concatenated into SQL query",
"witness_payload": "'"'"'; DROP TABLE users; --"
}
]
}'
```
These commands will automatically create the correct files in `deliverables/`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel agents.