Skills
skills/vchirrav/product-security-ai-skills/dast-nuclei/Gen Agent Trust Hub

dast-nuclei

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill recommends installing the Nuclei tool via go install from GitHub. While ProjectDiscovery is a reputable source, the repository is not on the explicit trusted list provided for this analysis, representing a dependency on external code.
  • COMMAND_EXECUTION (LOW): The skill utilizes shell commands to run the nuclei binary. This is standard behavior for such a utility but involves command-line execution that should be monitored.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes output from external, potentially malicious targets. An attacker could craft a response to a scan that contains instructions intended for the AI agent. \n- Ingestion points: nuclei-results.jsonl (scanner output). \n- Boundary markers: Absent; there are no instructions to disregard content within the results. \n- Capability inventory: Shell execution of the nuclei tool. \n- Sanitization: No sanitization is performed on the findings before they are parsed and summarized.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:43 PM