nmap-scan-management
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
nmap_custom_scantool allows users to supply an arbitrary string of flags to thenmapbinary. Although the skill documentation states that shell metacharacters and specific flags are blocked, this approach creates a substantial attack surface where sophisticated bypasses of the blocklist could lead to arbitrary command execution or system compromise. - [DATA_EXFILTRATION]: The
nmap_get_scantool retrieves files from disk based on ascan_idprovided by the user. This functionality is inherently vulnerable to path traversal attacks (e.g., using../sequences) if the input is not strictly validated and restricted to the intended directory, potentially exposing sensitive system files. - [PROMPT_INJECTION]: The skill processes network scan data, which is an external and untrusted source of information, making it susceptible to indirect prompt injection attacks. \n
- Ingestion points: Raw network scan output (banners, hostnames) and historical scan results retrieved from disk by
nmap_get_scan. \n - Boundary markers: Not identified in the skill's documentation. \n
- Capability inventory: Execution of the
nmapbinary via subprocess and file system read access via the scan retrieval tools. \n - Sanitization: The skill claims to filter shell metacharacters and specific nmap flags in the custom scan input tool.
Audit Metadata