Skills
NYC
skills/smithery/ai/Pentest Commands/Gen Agent Trust Hub

Pentest Commands

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill provides numerous commands for invasive tools like nmap, nikto, and sqlmap that allow an agent to actively probe and exploit network infrastructure.
  • Evidence: Commands such as nmap --script vuln for automated vulnerability scanning and sqlmap --os-shell for gaining remote command execution via SQL injection.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill includes instructions for using msfvenom to generate malicious payloads (reverse shells) for multiple platforms (Windows, Linux, Web).
  • Evidence: msfvenom -p windows/meterpreter/reverse_tcp LHOST=... -f exe > shell.exe and similar commands for PHP, Python, and Java payloads.
  • [CREDENTIALS_UNSAFE] (HIGH): The skill provides automated brute-force and password cracking command references, facilitating unauthorized access to various services.
  • Evidence: hydra commands targeting SSH, FTP, RDP, and SMB, along with john the ripper commands for cracking local password files and SSH keys.
  • [PRIVILEGE ESCALATION] (MEDIUM): Some commands, such as airmon-ng start, typically require administrative or root-level privileges to interact with hardware at a low level.
  • Evidence: Commands in the Aircrack-ng section require monitor mode which usually demands sudo/root access.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:36 AM