penetration-tester-master
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for utilizing various offensive security tools, such as Nmap, SQLMap, and Metasploit, to perform network scanning and vulnerability exploitation as part of a security assessment.
- [DATA_EXFILTRATION]: The exploitation methodology includes steps for accessing sensitive system files (e.g., /etc/passwd) and extracting session cookies from target web applications.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and analyze data from untrusted external targets.
- Ingestion points: Data gathered from network service banners, HTTP responses, and API endpoints during reconnaissance (SKILL.md).
- Boundary markers: None; there are no specific delimiters defined to separate untrusted system data from the agent's instructions.
- Capability inventory: The skill includes instructions for running command-line tools and provides scripts for simulating port scanning (scripts/port_scanner.py, scripts/port_scanner.js).
- Sanitization: None; no validation or escaping mechanisms are specified for processing data returned from external systems during the pentesting workflow.
Audit Metadata