pentest-commands

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes multiple examples that embed plaintext credentials directly into commands (e.g., "set SMBPass pass", sqlmap --data="user=admin&pass=test", hydra with -l/-P), which would require or encourage the agent to output secret values verbatim, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document contains explicit, actionable offensive commands (reverse shells, msfvenom payloads, exploit usage, brute-force tools, deauthentication and wireless cracking, SQL shell capabilities, etc.) that enable backdoors, remote code execution, credential theft, and data exfiltration—high-risk if used without authorization.