metatron-pentest-assistant

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds a hardcoded database password ('123') in SQL and code examples and shows commands using mysql -p123, which requires the LLM to reproduce that secret verbatim in outputs (insecure credential handling).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill runs web-recon and search against arbitrary public targets (tools.py: run_curl_headers, run_whatweb, run_nikto and search.py: DuckDuckGo searches) and feeds those untrusted, third‑party results directly into the local LLM via llm.py/analyze_target, allowing external content to influence analysis and suggested actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill includes explicit privileged system operations (sudo apt installs, sudo systemctl start/enable mariadb), an external installer (curl | sh), and other instructions that modify system state and require elevated privileges, so it pushes changes to the host environment.