dast-scanning
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the Nuclei security scanner directly from a remote GitHub repository using `go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest`. Because this uses the `@latest` tag rather than a pinned version/hash and targets a repository not in the specific trusted organization list, it presents a supply chain risk where the tool could be modified at the source.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill executes remote code by pulling and running Docker images from `ghcr.io/zaproxy/zaproxy:stable`. Although ZAP is a reputable tool, running opaque containers with broad network/filesystem access represents a significant security surface.
- [COMMAND_EXECUTION] (LOW): The skill makes extensive use of subprocess calls to run system commands like `docker`, `apt-get`, and `nikto`. This is consistent with the primary purpose of a DAST skill but increases the potential impact of any successful injection.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from external web applications (headers, HTML, API responses) through the reporting mechanisms of ZAP, Nuclei, and Burp Suite.
  - Ingestion points: `zap-baseline.py -r baseline-report.html`, `nuclei -o results.json`, and `scanner.get_issues(scan_id)`.
  - Boundary markers: Absent; reports are processed as raw data without explicit instruction delimiters.
  - Capability inventory: Subprocess execution (`docker`, `apt-get`), file system writes (`mkdir`, `-o results.json`), and network operations (`requests.post`).
  - Sanitization: No evidence of sanitization or validation of the tool outputs before they are processed by the agent.
Audit Metadata