pentest-expert

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill's core purpose involves ingesting and analyzing data from external, untrusted network targets via tools like nmap, sqlmap, and nuclei. This creates a significant attack surface where a target can return malicious payloads (e.g., in HTTP headers or HTML comments) that the agent might interpret as instructions during the reporting phase.
    Evidence Chain:
      • Ingestion points: Outputs from reconnaissance, enumeration, and scanning tools described in SKILL.md.
      • Boundary markers: None; there are no instructions to the agent to treat tool output as data rather than instructions.
      • Capability inventory: The skill lists bash commands for active network scanning and vulnerability exploitation.
      • Sanitization: No validation or filtering of target responses is specified.
  • [Command Execution] (MEDIUM): The skill provides a library of pre-formatted bash commands for network exploitation and scanning. While standard for security professionals, these commands grant an agent the capability to perform aggressive network operations that could be abused if the agent is compromised via indirect prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:53 AM