Nmap Scan
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous instructions for the agent to execute shell commands directly on the host system, including file system operations and network utility calls.
- [COMMAND_EXECUTION]: Multiple workflows explicitly require the use of `sudo` to perform SYN scans, UDP scans, and OS fingerprinting, granting the agent elevated system-level permissions.
- [COMMAND_EXECUTION]: The implementation workflow relies on capturing command output from files (e.g., `.nmap` results) and interpolating those variables directly into subsequent shell commands, which is a dangerous pattern that could allow for command injection if the source data is manipulated.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through its automated parsing of network scan results.
  - Ingestion points: Data is read from `nmap-portscan.nmap` and `nmap-portscan.gnmap` during the Phase 2 workflow in `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded instructions within the processed scan data.
  - Capability inventory: The agent is granted the ability to execute `mkdir`, `nmap`, and several shell utilities including `grep`, `sed`, `cut`, and `tr`.
  - Sanitization: While the skill uses basic regex for port identification, it lacks robust sanitization to prevent adversarial payloads in service names or version strings from affecting subsequent command execution.
Recommendations
- AI detected serious security threats
Audit Metadata