hping3
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
hping3utility and various local shell scripts (scripts/hping3/detect-firewall.sh,scripts/hping3/test-firewall-rules.sh, etc.) to perform low-level network operations. - [COMMAND_EXECUTION]: User-provided input for the
<target>parameter is interpolated directly into shell commands (e.g.,hping3 -S -p 80 <target> -c 3). This presents a command injection risk if the input is not sanitized, as an attacker could provide a value like127.0.0.1; malicious_commandto execute arbitrary code. - [COMMAND_EXECUTION]: The skill documentation explicitly states that most operations require root/sudo privileges to access raw sockets, which enables the agent to run commands with high-level system permissions.
- [COMMAND_EXECUTION]: The skill uses shell-based tool status checks, such as
command -v hping3, to determine the environment's capabilities at runtime.
Audit Metadata