diagnose
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: User-controlled input ($ARGUMENTS) is interpolated directly into bash commands such as 'bash scripts/diagnostics/dns.sh $ARGUMENTS' and 'dig $ARGUMENTS'. This creates a vulnerability to command injection where an attacker could execute unauthorized commands by appending shell metacharacters.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to interpret the output of various network tools.
- Ingestion points: Output from commands including dig, curl, nc, ping, and traceroute.
- Boundary markers: None present; the instructions explicitly state to 'Interpret their text output directly'.
- Capability inventory: Execution of local bash scripts, system network utilities, and reading local configuration files (e.g., .pentest/scope.json).
- Sanitization: No sanitization or validation of external tool output is performed before it is presented to the agent for interpretation.
Audit Metadata