penetration-test-planner
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or unauthorized network operations were detected in the metadata or description.
- [Remote Code Execution] (SAFE): No remote script downloads (e.g., curl/wget piped to bash) or external package dependencies were identified.
- [Command Execution] (LOW): The skill metadata explicitly requests access to the
Bashtool. While this is a high-privilege capability, it is consistent with the stated purpose of penetration test planning. No malicious command strings are present in the documentation. - [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters, override system prompts, or extract internal logic were found.
- [Indirect Prompt Injection] (LOW): The skill is designed to process user queries related to security patterns and generate configurations. It possesses a data ingestion surface (user requests) and high-capability tools (Bash/Write) without explicit sanitization or boundary markers defined in the markdown, creating a theoretical but currently non-exploited attack surface.
Audit Metadata