broken-authentication
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an instructional guide for security professionals to conduct authentication testing within authorized environments.
- [COMMAND_EXECUTION]: Provides example command-line strings for the Hydra security tool (e.g., hydra -l admin -P /usr/share/wordlists/rockyou.txt target.com http-post-form ...). These are provided as educational templates for brute-force testing and do not execute automatically.
- [EXTERNAL_DOWNLOADS]: Identifies external security tools and wordlists (like Burp Suite and rockyou.txt) as prerequisites for the workflow, but does not contain scripts to download them from untrusted sources.
- [REMOTE_CODE_EXECUTION]: Includes a Python script template that uses the requests library to fetch session tokens from a target URL for entropy analysis. The code is static, transparent, and intended for security assessment purposes.
Audit Metadata