autopentestx-automated-pentesting
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning a repository from a third-party GitHub account (Gowtham-Darkseid/AutoPentestX) that is not associated with the skill author.
- [COMMAND_EXECUTION]: The installation and execution instructions involve high-risk shell commands, including unverified package installation, script permission modification, and the use of sudo for root-level access.
- [DATA_EXFILTRATION]: The skill documentation includes code examples for sending potentially sensitive security scan results and vulnerability data to external webhook URLs using the requests library.
- [REMOTE_CODE_EXECUTION]: Executing code downloaded directly from an unverified external repository as a local script with elevated privileges constitutes a high-risk remote code execution pattern.
Recommendations
- AI detected serious security threats
Audit Metadata