bug-bounty-program
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The methodology mentions using external platforms like 'webhook.site' and 'burpcollaborator.net' for Out-of-Band (OOB) testing. While these are standard in security research, they are non-whitelisted domains and represent potential data transmission to external services.\n- [COMMAND_EXECUTION] (LOW): The skill provides numerous bash commands for security tools (nmap, sqlmap, nuclei). This documentation describes a high-capability command execution surface, although it is consistent with the skill's stated purpose for penetration testing.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill describes processes that ingest data from external targets via security tools, which could serve as a vector for indirect prompt injection if outputs are processed by the agent without strict sanitization.\n
- Ingestion points: Command output from nmap, nuclei, and sqlmap mentioned in SKILL.md.\n
- Boundary markers: Absent in the provided command examples.\n
- Capability inventory: Bash command execution for security auditing tools.\n
- Sanitization: No sanitization logic is included in the methodology snippets.
Audit Metadata