Metasploit Framework

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The file sub-skills/required-tools.md instructs the user to download a script from https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb and execute it with elevated permissions. This source is not on the Trusted Sources list, representing a high risk for arbitrary code execution during installation.
  • [REMOTE_CODE_EXECUTION] (HIGH): The core purpose of the skill involves remote code execution. sub-skills/phase-9-payload-generation-with-msfvenom.md details the creation of various reverse shells (EXE, ELF, PHP, Python, APK) to gain remote control over targets. Additionally, sub-skills/phase-8-post-exploitation-modules.md includes persistence modules like persistence_exe and sshkey_persistence designed to maintain unauthorized access.
  • [COMMAND_EXECUTION] (HIGH): The skill relies on high-risk system commands. sub-skills/required-tools.md and sub-skills/operational-security.md require sudo for systemctl management and database initialization. The Meterpreter sessions described in sub-skills/phase-6-meterpreter-session.md provide direct shell access to compromised systems.
  • [DATA_EXFILTRATION] (HIGH): Several modules are dedicated to data theft. sub-skills/meterpreter-essential-commands.md and sub-skills/phase-6-meterpreter-session.md include commands to download arbitrary files, hashdump for password retrieval, and keyscan_dump to capture keystrokes from the target host.
  • [CREDENTIALS_UNSAFE] (HIGH): The skill contains specialized modules for harvesting credentials, such as post/windows/gather/lsa_secrets, post/windows/gather/credentials/credential_collector, and post/multi/gather/ssh_creds in sub-skills/phase-8-post-exploitation-modules.md.
  • [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface as it processes external, untrusted data from target systems and wordlists.
      • Ingestion points: sub-skills/phase-7-auxiliary-modules.md (user/password wordlists) and sub-skills/essential-msfconsole-commands.md (nmap database results).
      • Boundary markers: Absent.
      • Capability inventory: Full filesystem access, network operations, and arbitrary shell execution via Meterpreter.
      • Sanitization: No evidence of sanitization for tool outputs ingested into the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 20, 2026, 10:23 AM