mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-02-12 09:12:50 +00:00
54 lines
1.6 KiB
Plaintext
54 lines
1.6 KiB
Plaintext
## 🧪 Pipeline Testing: MCP Isolation Test for XSS Agent
|
|
|
|
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
|
|
|
### Step 1: Test Browser Isolation
|
|
1. Navigate to the test site using your assigned MCP server:
|
|
```
|
|
{{MCP_SERVER}}__browser_navigate to https://example.org
|
|
```
|
|
|
|
2. Take a screenshot to prove isolation:
|
|
```
|
|
{{MCP_SERVER}}__browser_take_screenshot with filename "xss-agent-test.png"
|
|
```
|
|
|
|
3. Log the test results:
|
|
```
|
|
console.log("🟡 XSS AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.org")
|
|
```
|
|
|
|
### Step 2: Create Required Deliverables
|
|
Create these 2 files:
|
|
1. `deliverables/xss_analysis_deliverable.md` with content:
|
|
```
|
|
# XSS Analysis Complete (Pipeline Test)
|
|
|
|
**MCP Server Used:** {{MCP_SERVER}}
|
|
**Test Site:** https://example.org
|
|
**Screenshot:** xss-agent-test.png
|
|
**Status:** Browser isolation test successful
|
|
```
|
|
|
|
2. `deliverables/xss_exploitation_queue.json` with content:
|
|
```json
|
|
{
|
|
"vulnerabilities": [
|
|
{
|
|
"ID": "XSS-VULN-01",
|
|
"verdict": "vulnerable",
|
|
"confidence": "high",
|
|
"notes": "Test XSS vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
|
|
"vulnerability_type": "Reflected",
|
|
"source": "search parameter",
|
|
"sink_function": "template.render at search.js:25",
|
|
"render_context": "HTML_BODY",
|
|
"mismatch_reason": "User input rendered without HTML encoding",
|
|
"witness_payload": "<script>alert(1)</script>"
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
### Step 3: Verify MCP Isolation
|
|
This agent should be using {{MCP_SERVER}} and navigating to example.org independently of other parallel agents. |