performing-vulnerability-scanning-with-nessus
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script `scripts/agent.py` disables SSL/TLS certificate verification by setting `self.session.verify = False` and suppressing warnings via `urllib3.disable_warnings`. This configuration exposes the `NESSUS_ACCESS_KEY` and `NESSUS_SECRET_KEY` environment variables to potential Man-in-the-Middle (MITM) attacks during transmission to the Nessus API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via data processed from the Nessus scanner.
- Ingestion points: The script `scripts/agent.py` retrieves scanner data, plugin names, and status information from various Nessus API endpoints.
- Boundary markers: No delimiters or boundary markers are used to isolate untrusted data from the agent's logic or output.
- Capability inventory: The agent performs network operations using the Nessus REST API.
- Sanitization: No escaping, validation, or sanitization is performed on the data retrieved from the API before use.
Audit Metadata