ai-powered-pentesting
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references an external data source at 'https://raw.githubusercontent.com/gmh5225/awesome-ai-security/refs/heads/main/README.md'. This repository and user are not on the trusted sources list, making the dependency unverifiable.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8). The skill lacks sanitization or boundary markers when ingesting external data.
- Ingestion points: The agent is instructed to fetch content from the 'awesome-ai-security' README file in the 'Data Source' section.
- Boundary markers: Absent. There are no instructions to ignore embedded commands within the fetched data.
- Capability inventory: The skill is used for pentesting, vulnerability discovery, and exploitation tasks, which could be abused if the agent obeys instructions embedded in the external source.
- Sanitization: None mentioned for the fetched markdown content.
Audit Metadata