zen-ai-pentest-framework

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The URLs point mostly to a GitHub repository, GitHub Pages/demo site, and related community links from an unfamiliar personal account and the skill instructs cloning and executing code (Docker, pip, npm), so while there are no direct .exe downloads or obscured shorteners, running unvetted repository code and containers from an unknown source poses a meaningful malware/compromise risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows autonomous agents executing scans against arbitrary public targets (see "Create and Execute Scan" and the agents/tools sections listing httpx, subfinder, whatweb, nuclei, ffuf, etc.), meaning the system fetches and ingests untrusted public website/forum content that the LLM agents read and use to drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The quick-start installs and runs remote code via "git clone https://github.com/SHAdd0WTAka/Zen-Ai-Pentest.git" followed by docker-compose up, which fetches and executes external repository code as a required dependency.