exegol-pentest
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides mechanisms to launch Docker containers and execute arbitrary commands within them using the 'exegol start' and 'exegol exec' commands as documented in SKILL.md.
- [EXTERNAL_DOWNLOADS]: Installation procedures in exegol-reference.md utilize standard package managers like pipx and apt to download the Exegol wrapper and its dependencies from official repositories.
- [CREDENTIALS_UNSAFE]: Documentation in both SKILL.md and exegol-reference.md lists known default credentials for pre-configured services (e.g., Neo4j and Empire), which is standard practice for the tool's usage.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by processing untrusted data from network scanning and web testing tools.
- Ingestion points: Command outputs and workspace files generated by tools like 'responder', 'burpsuite', and 'ffuf' (SKILL.md).
- Boundary markers: None identified in the provided instructions.
- Capability inventory: Execution of shell commands via 'exegol exec' and hosting of local files via 'python3 -m http.server' (SKILL.md).
- Sanitization: No explicit sanitization or validation of tool output is defined within the skill.
Audit Metadata