vulnerability-scanning

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill provides instructions to download executable binaries from 'github.com/projectdiscovery', which is not on the Trusted GitHub Organizations or Repositories list.
  • REMOTE_CODE_EXECUTION (HIGH): The skill recommends 'go install' from an untrusted external source and downloading/unzipping binaries from non-whitelisted URLs.
  • COMMAND_EXECUTION (MEDIUM): Extensive use of shell execution blocks for Docker, OMP, and OSCAP with minimal input validation.
  • CREDENTIALS_UNSAFE (LOW): Documentation includes default credentials ('admin/admin') for the OpenVAS scanner.
  • DATA_EXFILTRATION (LOW): Python code for Nessus API interaction explicitly disables SSL certificate validation ('verify=False'), exposing potentially sensitive scan data and credentials to man-in-the-middle (MITM) attacks.
  • INDIRECT_PROMPT_INJECTION (HIGH): High vulnerability due to processing untrusted external data.
      1. Ingestion points: Processes responses and results from external network targets and third-party scanners (SKILL.md).
      2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded logic in scan data.
      3. Capability inventory: Extensive subprocess execution (Docker, binary runs) and network access across multiple scripts.
      4. Sanitization: Absent; the skill does not include logic to sanitize or escape data retrieved from external targets before processing or storage.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:11 PM