scan
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directly interpolates the '$ARGUMENTS' variable into shell command strings such as 'nmap -sS -sV $ARGUMENTS' and 'curl -I $ARGUMENTS'. This pattern is vulnerable to command injection: an attacker can execute arbitrary system commands by supplying a target value that contains shell operators like ';' or '|'.
- [COMMAND_EXECUTION]: The skill executes local bash scripts (e.g., 'scripts/nmap/identify-ports.sh') using unsanitized user input, allowing malicious arguments to potentially execute unintended code on the host machine.
Recommendations
- AI detected serious security threats