zen-ai-pentest-framework
Fail
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone source code from an external, untrusted GitHub repository (
github.com/SHAdd0WTAka/Zen-Ai-Pentest.git) that is not affiliated with the skill author. - [REMOTE_CODE_EXECUTION]: After downloading the external source, the skill executes the framework code and uses an AI agent to dynamically generate and run commands for over 72 real security tools (Nmap, SQLMap, Nuclei, etc.) via subprocess calls.
- [COMMAND_EXECUTION]: The manual installation instructions require the use of
sudo apt-get install, granting the installation script administrative privileges to modify the host system. - [CREDENTIALS_UNSAFE]: The documentation and configuration examples include hardcoded default credentials such as
admin/adminfor the web UI andzen_passwordfor the PostgreSQL database. - [PROMPT_INJECTION]: The framework is vulnerable to indirect prompt injection by design, as it ingests untrusted data from target systems into the AI context.
- Ingestion points: Target web page content and tool outputs are processed by the LLM agent.
- Boundary markers: The skill lacks explicit boundary markers or instructions to ignore embedded commands within the ingested data.
- Capability inventory: The agent has the ability to execute shell commands and write files through various security tools.
- Sanitization: No sanitization or validation of target-provided content is implemented before it is interpolated into the agent's prompts.
Recommendations
- AI detected serious security threats
Audit Metadata