SMTP Penetration Testing

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute numerous powerful networking and security tools with the intent to scan and attack remote infrastructure.
  • Evidence: Sub-skills like Phase 5, Phase 7, and Example 1 describe the execution of nmap, hydra, smtp-user-enum, msfconsole, medusa, nc, and openssl. These tools are used for port scanning, banner grabbing, user enumeration, and authentication testing.
  • [EXTERNAL_DOWNLOADS]: The skill attempts to modify the local system environment by installing external software packages.
  • Evidence: In sub-skills/required-tools.md, the instructions specifically command the agent to use sudo apt-get install to fetch and install nmap, netcat, hydra, and smtp-user-enum from external repositories. The use of sudo for tool installation represents a privilege escalation finding.
  • [DATA_EXFILTRATION]: The skill facilitates sending sensitive probes and authentication data to external network targets.
  • Evidence: Phase 7 (Brute Force Authentication) and Example 1 detail the use of hydra with wordlists (e.g., rockyou.txt, fasttrack.txt) to attempt unauthorized access to external mail servers, which involves transmitting potential credentials across the network.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest and parse output from untrusted external command-line tools.
  • Ingestion points: The agent parses output from nmap, smtp-user-enum, and msfconsole (found in Phase 2, Phase 5, and Example 2) to identify valid users or open relays.
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed tool outputs.
  • Capability inventory: The skill possesses extensive capabilities including system-level command execution (sudo), network communication, and automated shell command assembly.
  • Sanitization: No sanitization, validation, or filtering of the output from these external tools is performed before the agent uses the data to inform its next actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 4, 2026, 02:03 PM