recon
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple system commands and local scripts (nmap, dig, curl, gobuster) by directly interpolating the `$ARGUMENTS` variable without shell-safe quoting or sanitization. This allows for arbitrary command execution on the host if a malicious target string is provided. Evidence: `bash scripts/nmap/discover-live-hosts.sh $ARGUMENTS -j -x` and `nmap -sn $ARGUMENTS/24` in `SKILL.md`.
- [COMMAND_EXECUTION]: The skill utilizes a shell execution pattern for environment detection, which executes code on the system to check for the presence of local files. Evidence: `!test -f scripts/nmap/discover-live-hosts.sh && echo "YES" || echo "NO"` in `SKILL.md`.
- [PROMPT_INJECTION]: The skill processes untrusted data from external network services (DNS records, SSL certificates) and presents it to the agent without boundary markers, which can be used for indirect prompt injection.
  - Ingestion points: Command output from network tools like `nmap`, `dig`, `curl`, and `gobuster`.
  - Boundary markers: None; results are included directly in the agent's context.
  - Capability inventory: Ability to execute shell commands and read local files like `.pentest/scope.json`.
  - Sanitization: No sanitization or escaping of external output is performed before agent processing.
Audit Metadata