skills/mukul975/anthropic-cybersecurity-skills/exploiting-vulnerabilities-with-metasploit-framework/Gen Agent Trust Hub
exploiting-vulnerabilities-with-metasploit-framework
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess calls in scripts/agent.py to run msfconsole and nmap for security scanning and exploitation tasks. These tools are used as intended for security validation but require direct system command execution.
- [CREDENTIALS_UNSAFE]: The scripts/process.py file contains hardcoded default credentials (username 'msf', password 'password') for the Metasploit RPC service. While these are documented defaults, they represent a credential management risk in non-test environments.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
  - Ingestion points: CSV and Nessus data import in scripts/process.py and SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Command execution via subprocess in agent.py and RPC commands in process.py.
  - Sanitization: Absent in the data processing logic, allowing potentially malicious instructions in scan results to influence the automation flow.