pentest-commands
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill provides command examples that reference sensitive local file paths, specifically SSH private keys (
id_rsa), for use with password cracking utilities like John the Ripper. - [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The documentation includes instructions for using
msfvenomto generate various reverse shell payloads (Windows, Linux, PHP, Python), which are designed to establish remote connections to attacker-controlled systems. - [DYNAMIC_EXECUTION]: The skill documents the use of payload generation tools like
msfvenomto create executable code and scripts at runtime for the purpose of exploitation. - [INDIRECT_PROMPT_INJECTION]: The skill establishes an attack surface where an agent might process untrusted external data using powerful security tools.
- Ingestion points: Target IP addresses, URLs, and external wordlists specified in the command templates.
- Boundary markers: None provided in the command examples or instructions.
- Capability inventory: Extensive capabilities including network scanning (Nmap), service exploitation (Metasploit), web vulnerability scanning (Nikto/SQLMap), and credential brute-forcing (Hydra).
- Sanitization: No sanitization or validation of input parameters (like target hosts or data strings) is documented.
Audit Metadata