exegol-pentest

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill prompt includes explicit plaintext credentials and examples that pass passwords/API-like secrets directly as command-line arguments (e.g., -p 'P@ssw0rd!', neo4j password, exh add creds), which requires the LLM to handle or emit secret values verbatim and therefore poses high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content explicitly documents and enables offensive operations (credential-extraction tools like Mimikatz, C2 frameworks such as Empire/Havoc, webshells, reverse shells, LLMNR/NBT-NS poisoning), provides default/embedded credentials, and exposes mechanisms that allow privileged/containerized access, auto-run user setup scripts, host mounts, and serving/pushing tools to targets — all clear enablers of deliberate malicious activity and potential backdoors if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md Recon/OSINT and Web Application Pentest workflows (e.g., subfinder, httpx, theHarvester, nuclei, sqlmap) explicitly direct running scanners against arbitrary public domains/URLs. These scanners fetch and ingest untrusted public/web/user-generated content that can materially influence follow-up actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs launching containers with elevated privileges (--privileged, --cap NET_ADMIN), mounting host devices and host directories, sharing the host network/ports, and persisting/running custom setup scripts in ~/.exegol, which encourages bypassing container restrictions and modifying the host machine state.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 10, 2026, 01:36 AM