metatron-pentest-assistant

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and executes the official installation script for the Ollama platform from its primary domain.
  • [COMMAND_EXECUTION]: Executes multiple local reconnaissance tools including nmap, whois, nikto, and curl via subprocess calls to analyze targets.
  • [CREDENTIALS_UNSAFE]: Documents a default password ('123') for MariaDB setup in the installation guide and provides hardcoded connection strings in Python code examples. A security note is included advising users to use environment variables for production.
  • [PROMPT_INJECTION]: The skill aggregates output from external network scanning tools and interpolates it directly into a prompt for LLM analysis, exposing the LLM to indirect prompt injection from any scanned host that controls what those tools return.
  • Ingestion points: llm.py via the build_pentest_prompt function, which processes outputs from nmap, nikto, and other tools.
  • Boundary markers: The skill uses simple text delimiters (e.g., '=== TOOL ===') but lacks strong instructions or markers to prevent the LLM from obeying instructions embedded in tool outputs.
  • Capability inventory: The agent has access to subprocess.run in tools.py and mysql.connector database operations in db.py.
  • Sanitization: No sanitization or filtering of tool outputs (like service banners or HTTP headers) is performed before the data is sent to the LLM.
Recommendations
  • HIGH: Downloads and executes remote code from https://ollama.com/install.sh. DO NOT USE without thorough review.
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 7, 2026, 05:19 AM