skills/mukul975/anthropic-cybersecurity-skills/performing-red-team-with-covenant/Gen Agent Trust Hub
performing-red-team-with-covenant
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
- Ingestion points: Data is collected from various Covenant C2 REST API endpoints (listeners, grunts, tasks) within scripts/agent.py.
- Boundary markers: No delimiters or filtering mechanisms are present to distinguish between trusted control data and untrusted content from the C2 server.
- Capability inventory: The script possesses network communication and local file write permissions.
- Sanitization: The script lacks validation or escaping for data ingested from the remote API before processing it into the final report.
- [SAFE]: The script scripts/agent.py disables SSL certificate verification for network requests to the C2 server. Additionally, authentication credentials are accepted as command-line arguments, and no obfuscation or unauthorized code execution patterns were found.
Audit Metadata