shannon-ai-pentester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md shows the agent is run against an arbitrary URL (e.g., "./shannon start URL=https://target.example.com REPO=...") and its "Reconnaissance — Nmap, Subfinder, WhatWeb, and Schemathesis scan the target" plus "Parallel Exploitation — Concurrent agents attempt live exploits" indicate it fetches and interprets untrusted public web content that directly drives scanning and exploit actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The install guidance clones and runs code from https://github.com/KeygraphHQ/shannon.git (git clone ... then executing ./shannon), meaning remote code is fetched and executed as a required dependency for the skill.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit host-modifying commands (e.g., "sudo usermod -aG docker $USER") that request sudo and change user/group membership on the machine, so it encourages modifying the host state.