pentest-report
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill hardcodes absolute local filesystem paths (e.g., `/Users/huimingliao/Documents/code/pentest-skills/`) in its configuration and instructions. This exposes the author's local directory structure and environment details to the agent and potential users.
- [CREDENTIALS_UNSAFE]: The `references/example_report.md` file contains hardcoded passwords and MD5 hashes (e.g., `admin:123456`) as part of its demonstration data. Although intended as examples, these represent the use of hardcoded secrets.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted vulnerability data from the user and interpolates it into report templates without security boundaries.
  - Ingestion points: User-provided vulnerability lists, descriptions, and proof-of-concept steps collected in the 'Collect Information' step in `SKILL.md`.
  - Boundary markers: No delimiters or isolation instructions are present to prevent the agent from executing instructions embedded within user-supplied vulnerability data.
  - Capability inventory: The skill's primary capability is writing files to the local reports directory.
  - Sanitization: No validation, escaping, or filtering of user-supplied text is mentioned in the workflow.
Audit Metadata