onvifscan
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill enables the agent to perform credential brute-forcing and authentication testing against local or remote ONVIF devices using the
onvifscantool. Providing an AI agent with automated attack capabilities on network infrastructure is considered a high-risk capability. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on an external binary located in the
iothackbotdirectory. This is an unverifiable dependency whose source and integrity are not established within the skill's context, posing a risk of executing unverified code. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface detected. The tool ingests and potentially displays XML responses from untrusted network devices, which could be used to influence agent behavior.
- Ingestion points: XML data returned from ONVIF device endpoints during scanning (
onvifscan auth/brute). - Boundary markers: Absent. The skill does not instruct the agent to treat device output as untrusted or provide delimiters for external data.
- Capability inventory: Network scanning, credential brute-forcing, and command execution via the
onvifscanbinary. - Sanitization: Absent. No evidence of output validation or escaping before the LLM processes device responses.
Recommendations
- AI detected serious security threats
Audit Metadata