pentest-hacktricks-finder
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves content from
book.hacktricks.wikiand uses Exa/DuckDuckGo for searches. These external connections are part of the intended functionality and target reputable or well-known services. - [PROMPT_INJECTION]: The skill processes untrusted content from a public wiki, creating a surface for indirect prompt injection. The skill workflow requires URL verification against a specific subtree (
/en/), which limits the ingestion surface. Because the skill's capabilities are restricted to data extraction and structured output (no subprocess calls, file writes, or command execution across the workflow), the potential for exploitation via indirect injection is minimal.
Audit Metadata