network-penetration-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill contains numerous commands for active network exploitation and scanning.
      • Evidence: Use of nmap, masscan, msfconsole, hashcat, and john across multiple sections (SKILL.md).
      • Context: These tools are used for intrusive operations like OS identification, vulnerability scanning, and password cracking.
  • PROMPT_INJECTION (HIGH): Highly susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: The agent processes output from untrusted external sources, specifically network banners, RPC service enumeration, and Nmap script outputs (SKILL.md).
      • Boundary markers: None present. The agent is not instructed to ignore embedded instructions in service banners or script results.
      • Capability inventory: The skill possesses high-impact capabilities including exploitation (Metasploit), privilege escalation (getsystem), and lateral movement (smbexec.py).
      • Sanitization: Absent. There is no evidence of filtering or validation for incoming network data.
  • DATA_EXFILTRATION (MEDIUM): Includes commands specifically designed to extract sensitive credentials from systems.
      • Evidence: hashdump, run post/windows/gather/smart_hashdump, and sekurlsa::tickets /export (SKILL.md).
  • PRIVILEGE_ESCALATION (MEDIUM): Provides methods for bypassing security controls and escalating privileges.
      • Evidence: Explicit use of getsystem, mimikatz, and Kerberos ticket injection (ptt) (SKILL.md).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:26 AM