network-scan-nmap
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill uses 'python3 -c' to execute an inline Python script for XML-to-JSON conversion. This pattern involves executing code strings at runtime, which is a potential risk vector.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The Python parsing snippet depends on the 'xmltodict' library, which is not part of the Python standard library, creating a dependency on an external package.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data returned from network hosts, such as service banners and version strings, which could contain malicious payloads designed to influence the agent. Evidence Chain:
  1. Ingestion points: nmap output parsing in Step 3 and 4.
  2. Boundary markers: Absent.
  3. Capability inventory: nmap and python execution.
  4. Sanitization: None.
- [Data Exposure & Exfiltration] (LOW): The skill performs network scanning (reconnaissance) to external or internal hosts, which is the primary purpose of the skill but constitutes a high-risk network operation.
Audit Metadata