penetration-tester-master

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill's 'Execution Protocol' and 'Post-Exploitation' sections guide the agent to perform privilege escalation using techniques like kernel exploit identification and SUID binary manipulation. This is inherently high-risk but aligns with the skill's stated pentesting purpose.
  • DATA_EXFILTRATION (MEDIUM): The 'Exploitation' instructions explicitly direct the agent to attempt to read sensitive system files (e.g., /etc/passwd) and steal browser cookies via XSS. These activities are characteristic of data exposure but are part of the intended offensive security role-play.
  • PROMPT_INJECTION (LOW): The skill adopts an 'Elite Red Team Lead' persona and uses directive language (e.g., the Vietnamese instruction 'BẮT BUỘC' or 'MUST') to prioritize offensive operations, which may influence the agent to overlook standard safety constraints.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection as it is intended to ingest and analyze untrusted external data (Pull Requests) while being primed with instructions for exploitation.
      • Ingestion points: resources/owasp_top_10_2025.md instructs the agent to analyze every Pull Request content.
      • Boundary markers: None; there are no delimiters or warnings to ignore instructions embedded within the PR data.
      • Capability inventory: The skill body contains instructions for system file access and privilege escalation phases.
      • Sanitization: None; there is no mention of sanitizing or escaping the content of processed PRs.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:40 PM