pentest-agents-bug-bounty-framework
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone a repository from an untrusted account (github.com/H-mmer/pentest-agents-suite) which contains the core framework logic.
- [REMOTE_CODE_EXECUTION]: The instructions guide the user to run unverified Python scripts and installers directly from the cloned repository to set up MCP servers and tools.
- [COMMAND_EXECUTION]: The framework promotes persistence by directing users to register external scripts (cost_hook.py, welcome.py) as automatic hooks within the agent's environment settings.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via external data. 1. Ingestion points: The MCP server fetches program policies and scopes from third-party bug bounty platforms. 2. Boundary markers: No explicit delimiters or boundary markers are defined to isolate untrusted data from the agent's core instructions. 3. Capability inventory: The framework has broad capabilities including shell command execution (/hunt, /autopilot), file system access, and network operations. 4. Sanitization: There is no evidence of sanitization or validation performed on the data ingested from external bounty platforms before processing.
Recommendations
- AI detected serious security threats
Audit Metadata