skipfish
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands to verify if the skipfish binary is available and to retrieve its version information. Evidence: Tool status check using `command -v skipfish > /dev/null 2>&1 && echo "YES -- $(skipfish -h 2>&1 | head -1)"`.
- [COMMAND_EXECUTION]: Executes local bash scripts and the skipfish binary using parameters provided by the user. Evidence: Usage of `bash scripts/skipfish/quick-scan-web-app.sh <target>` and direct execution of `skipfish -o output_dir http://<target>`.
- [COMMAND_EXECUTION]: Includes instructions recommending the use of `sudo` for administrative software installation if dependencies are missing. Evidence: Hinting `sudo port install skipfish` (macOS) | `apt install skipfish` (Debian/Ubuntu).
- [PROMPT_INJECTION]: Exposes a vulnerability surface for indirect prompt injection via the `<target>` parameter, which could be used to pass malicious input to shell scripts or the scanner.
  - Ingestion points: The `<target>` URL or hostname parameter in both script and binary execution commands.
  - Boundary markers: No delimiters or protective instructions are visible in the command syntax to isolate untrusted input.
  - Capability inventory: The skill has permissions to execute bash scripts and binary files with the supplied input.
  - Sanitization: The documentation mentions target validation against a `.pentest/scope.json` file through a PreToolUse hook as a mitigation measure.
Audit Metadata