penetration-tester-master

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (LOW): The skill instructs the agent to adopt a specific persona ('Elite Red Team Lead') and mandates specific security checks for Pull Requests. While intended for professional use, persona adoption and directive instructions are recognized techniques for steering agent behavior.
  • [Indirect Prompt Injection] (LOW): The skill accepts external input (target domains or IPs) through script arguments, creating a surface for indirect injection.
      • Ingestion points: scripts/port_scanner.js and scripts/port_scanner.py via CLI arguments.
      • Boundary markers: None present in scripts or instructions.
      • Capability inventory: Simulated stdout printing only; no actual network or system interaction.
      • Sanitization: No validation or escaping of input arguments before output.
  • [Command Execution] (SAFE): The included scripts simulate port scanning by printing hardcoded results to the console. They do not execute shell commands or perform actual network operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 10:23 AM