Red Team Tools and Methodology
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is primarily composed of executable shell commands and a custom bash script (recon.sh) for automating security testing. It grants the agent direct access to execute numerous networking tools including amass, nuclei, ffuf, and nmap-like scanners.
- [PROMPT_INJECTION] (HIGH): The skill exhibits a major Category 8 (Indirect Prompt Injection) attack surface. It fetches data from untrusted external sources (e.g., historical URLs via waybackurls and gau) and feeds them into subsequent analysis tools.
  - Ingestion points: waybackurls, gau, subfinder, amass, and paramspider.py fetch data from the public internet and historical web archives.
  - Boundary markers: None. There are no delimiters or instructions provided to the agent to treat the output of these tools as data rather than potential instructions.
  - Capability inventory: The skill includes high-privilege capabilities such as automated vulnerability scanning (nuclei), directory brute-forcing (ffuf), and XSS testing (dalfox).
  - Sanitization: None detected. Data is piped directly from collection tools into execution/probing tools without filtering or escaping.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The workflow relies on over a dozen third-party security tools that are not part of a standard operating system distribution. This introduces a large supply chain risk as the user is expected to have these tools installed from various external sources (GitHub, Go registries, etc.).
Recommendations
- AI detected serious security threats
Audit Metadata