web-fingerprint
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted data from external web servers in
scripts/fetch_page.py. Malicious web pages could embed instructions in HTML tags like<title>or<meta name="generator">which are parsed and returned to the agent. Without boundary markers, a model might interpret these as instructions. - Command Execution (LOW): The skill executes
nmapand a custom Python script for network scanning. This is intended behavior but grants the agent network-level reconnaissance capabilities. - Insecure SSL Configuration (INFO): In
scripts/fetch_page.py, SSL verification is explicitly disabled (ssl.CERT_NONE). While common for scanning internal services, it exposes the agent to Man-in-the-Middle (MITM) attacks during data collection.
Audit Metadata