smtp-penetration-testing

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple command-line tools including nmap, hydra, netcat, and smtp-user-enum to perform network scanning and brute-force attacks against target SMTP servers.
  • [COMMAND_EXECUTION]: Requires elevated privileges (sudo) to install required security software from system repositories.
  • [EXTERNAL_DOWNLOADS]: Downloads and installs standard security packages (nmap, hydra, etc.) from the operating system's official package manager.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through external data ingestion.
      ◦ Ingestion points: SMTP server banners retrieved via netcat/nmap, response strings from SMTP commands (EHLO, VRFY, RCPT), and DNS TXT records (SPF/DMARC).
      ◦ Boundary markers: Absent. The skill does not implement delimiters or 'ignore' instructions when parsing server-returned text.
      ◦ Capability inventory: Extensive; includes the ability to execute network scanners, brute-force tools, and the Metasploit Framework.
      ◦ Sanitization: Absent. Server responses are processed directly to identify vulnerabilities or versions without escaping or validation logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 11:20 PM