pentest-gemini-sub-htb
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill is explicitly designed to generate and execute offensive security commands for service discovery, enumeration, and exploitation. While intended for lab environments, these operations are inherently high-risk and can impact the host system if not strictly sandboxed. The instruction that it is 'acceptable to run commands and maintain state within the /root directory' increases the risk of accidental host compromise or privilege escalation within the agent's environment.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its 'Results Persistence Protocol'. The agent is instructed to read findings from a local file (./results/Results-gemini-sub-htb.md) and use that data to influence its next actions.
  - Ingestion points: ./results/Results-gemini-sub-htb.md (specifically the 'Known Findings' section).
  - Boundary markers: Absent; there are no instructions to ignore or sanitize instructions found within these files.
  - Capability inventory: Capability to execute arbitrary system commands via the 'Workflow' section (recon, foothold, escalation).
  - Sanitization: Absent; the skill does not specify any validation for data read from the findings file.
- DATA_EXFILTRATION (LOW): The skill records detailed attack paths, command outputs, and findings to a predictable local file path. While no external network exfiltration is defined in the instructions, the storage of sensitive exploit data in a consistent location creates a target for local data exposure.
Audit Metadata