skills/mukul975/anthropic-cybersecurity-skills/conducting-network-penetration-test/Gen Agent Trust Hub
conducting-network-penetration-test
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/agent.py executes system-level commands using the Nmap utility. It accepts user-provided arguments for ports and targets that are directly incorporated into the command string without validation, creating a risk of command injection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing unverified data from remote network services and including it in its output.
  - Ingestion points: Network service banners, OS signatures, and Nmap script outputs in scripts/agent.py.
  - Boundary markers: None present in the network_pentest_report.json output.
  - Capability inventory: Network scanning and local file writing in scripts/agent.py.
  - Sanitization: No escaping or validation is performed on the data retrieved from external network hosts.
- [EXTERNAL_DOWNLOADS]: The skill requires the python-nmap library and references well-known vulnerability databases (NVD, CVE) and Nmap Scripting Engine (NSE) scripts.
Audit Metadata