gobuster
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the gobuster binary and several local bash scripts (scripts/gobuster/discover-directories.sh, scripts/gobuster/enumerate-subdomains.sh, scripts/gobuster/examples.sh) for network reconnaissance and enumeration.
- [EXTERNAL_DOWNLOADS]: The skill references and provides installation instructions for well-known tools and repositories, specifically github.com/OJ/gobuster and github.com/danielmiessler/SecLists, which are industry-standard resources for security testing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: The agent processes data discovered by gobuster from external targets, such as hidden directory names or DNS records, which could contain malicious instructions.
  2. Boundary markers: Absent; the skill does not define specific delimiters to isolate tool output from the agent's primary instruction set.
  3. Capability inventory: The skill has the capability to execute shell commands and perform network operations via gobuster and bash.
  4. Sanitization: Absent; there is no evidence of validation or filtering of the network data retrieved by the tool before it is ingested into the agent context.