pentester
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the use of the $ARGUMENTS variable.
- Ingestion points: User-provided input via $ARGUMENTS is directly placed into the instruction block in SKILL.md.
- Boundary markers: There are no delimiters (e.g., XML tags or triple quotes) or negative constraints instructing the agent to ignore instructions embedded within the arguments.
- Capability inventory: The skill is designed to orchestrate "multi-tool attack workflows" using preloaded skills, which suggests access to high-capability tools for network or system operations.
- Sanitization: The input is not validated or sanitized, so an attacker could supply a "target" containing malicious instructions that divert the agent from the intended pentesting workflow.