conducting-network-penetration-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the tester/agent to harvest and document credentials (e.g., "tomcat:tomcat", capture harvested credentials, credential lists, and include them in PoC/report), which requires outputting secret values verbatim and therefore creates exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is dual-use but contains explicit, actionable instructions for remote code execution (reverse shells, WAR payloads, Metasploit), credential theft (Mimikatz, hash dumping, pass‑the‑hash, credential spraying), relay attacks, and lateral movement—high-risk techniques that can be deliberately abused; the included agent code itself does not embed covert exfiltration or obfuscated backdoors, but the overall material clearly enables malicious activity if used without authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill actively ingests untrusted, third‑party network/service content — e.g., banner and script outputs from arbitrary targets via scripts/agent.py functions (port_scan, vulnerability_scan, smb_enumeration, dns_enumeration) and SKILL.md/reference instructs correlating Nmap script output with Exploit-DB/NVD findings and using public PoCs — and those inputs are parsed and used to classify vulnerabilities and drive exploitation actions, so external content can materially influence the agent's decisions.