dast-nuclei
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the user/agent to install software directly from a GitHub repository (
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest). This organization is not within the defined trusted scope, making it an unverifiable external dependency that executes code at the system level. - [COMMAND_EXECUTION] (HIGH): The instruction set relies on executing raw bash commands. If the
<target-url>or other parameters are derived from untrusted user input, it could lead to command injection or unauthorized system access. - [PROMPT_INJECTION] (HIGH): This skill is highly vulnerable to Category 8 (Indirect Prompt Injection).
- Ingestion points: The agent is instructed to read
nuclei-results.jsonl, which contains data (headers, server responses, metadata) fetched directly from untrusted external web servers. - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill possesses capabilities for command execution (
bash) and local file system access. - Sanitization: No sanitization or validation of the scanner's output is performed before the agent parses and acts upon the data. A malicious web target could return a payload designed to hijack the agent's logic when the scan results are summarized.
Recommendations
- AI detected serious security threats
Audit Metadata