Pentesting from Beginner to Advanced

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute powerful system and network tools including 'nmap', 'hydra', 'gobuster', and 'sqlmap'. These tools can be used for invasive scanning and brute-force attacks.
  • [EXTERNAL_DOWNLOADS] (HIGH): The 'Core Workflow' requires downloading and running third-party Docker images ('raesene/bwapp' and 'vulnerables/web-dvwa') which are not from trusted sources. It also suggests system package installation via 'apt install'.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill provides functional command injection payloads such as '; ls -la' and '| cat /etc/passwd'. While intended for educational demonstrations, these represent executable attack patterns that the agent could potentially apply to unauthorized targets.
  • [DATA_EXFILTRATION] (MEDIUM): Includes examples for accessing sensitive system files (e.g., '/etc/passwd') and intercepting session cookies, which are hallmarks of data exposure and potential exfiltration techniques.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:57 AM