hashcat
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of system commands to perform password recovery tasks. It invokes the `hashcat` binary directly with various arguments and executes local wrapper scripts from the `scripts/hashcat/` directory using `bash`. It also performs system state checks using `command -v` and `test -f` to verify tool availability.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection due to the ingestion of untrusted data.
  - Ingestion points: Untrusted data enters the agent context via external files specified in the command arguments, specifically `<hashfile>` and `wordlist.txt`.
  - Boundary markers: There are no boundary markers or instructions present to prevent the agent from interpreting instructions potentially embedded within the processed hash files.
  - Capability inventory: The skill has significant capabilities, including the ability to execute shell scripts and run the `hashcat` executable on the host system.
  - Sanitization: There is no evidence of sanitization, validation, or filtering of the content or names of the input files provided by the user.
Audit Metadata