Skills
skills/jd-opensource/joysafeter/pentest-client-advanced/Gen Agent Trust Hub

pentest-client-advanced

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • DATA_EXFILTRATION (MEDIUM): The storage_inspector tool is used to dump localStorage, sessionStorage, and IndexedDB contents, specifically looking for tokens, PII, and credentials. Accessing and extracting browser-stored secrets is a high-risk data exposure vector.
  • COMMAND_EXECUTION (MEDIUM): The skill wraps command-line tools such as curl and corscanner to perform network security scans. This involves executing system-level processes with user-provided parameters, which can be misused if the tool is directed at unauthorized targets.
  • EXTERNAL_DOWNLOADS (LOW): The skill utilizes several external libraries and frameworks including websocket-client, Playwright, and Puppeteer. These represent unverifiable dependencies that must be present in the execution environment.
  • PROMPT_INJECTION (LOW): Through postmessage_scanner and service_worker_audit, the skill ingests and analyzes untrusted data from external websites. This surface could be exploited via indirect prompt injection if malicious content on the target site attempts to subvert the agent's instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 18, 2026, 05:57 PM