pentest-conventions

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill describes the execution of local wrapper scripts and make targets for managing Docker containers. These actions are intended for the primary purpose of security testing and are executed with user-supplied flags.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it processes external data from security tool outputs and local configuration files.
      1. Ingestion points: .pentest/scope.json and tool terminal output.
      2. Boundary markers: No specific delimiters or instruction-bypass warnings are defined in this document.
      3. Capability inventory: Ability to execute local scripts and shell commands through specified flags.
      4. Sanitization: Mandates validation against a scope allow-list prior to any tool execution.
  • [SAFE]: Documentation includes default credentials for well-known vulnerable lab applications (e.g., admin/password for DVWA). These are standard educational defaults and do not represent a leak of sensitive user secrets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 12:15 PM