Pentest Commands

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • Data Exposure (HIGH): The skill provides command templates targeting highly sensitive files. Evidence: The command 'ssh2john id_rsa' in SKILL.md involves processing private SSH keys for credential cracking.
  • Indirect Prompt Injection (HIGH): The skill facilitates the ingestion of external data from untrusted targets while providing the agent with powerful side-effect capabilities.
      • Ingestion points: Commands for 'nmap', 'nikto', 'sqlmap', and 'tshark' in SKILL.md are designed to ingest data from potentially hostile network services into the agent's context.
      • Boundary markers: No delimiters or protective instructions are used to prevent the agent from obeying instructions embedded in the output of these tools.
      • Capability inventory: The skill provides commands for Metasploit exploits, reverse shell generation via 'msfvenom', and remote command execution via 'sqlmap --os-shell'.
      • Sanitization: There is no evidence of sanitization or validation for the data processed by these commands.
  • Dual-Use Capability (INFO): The skill is a comprehensive reference for offensive tools which, while intended for pentesting, can be used for unauthorized system compromise.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:52 AM