skills/ariadoss/superskills/pentest/Gen Agent Trust Hub

pentest

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the clearwing package from the public PyPI registry using uv tool install clearwing. Neither the tool nor its author (Lazarus-AI) is on the trusted vendors list or recognized as a well-known service.
  • [COMMAND_EXECUTION]: The skill provides instructions to run various shell commands using the clearwing CLI, including sourcehunt for scanning local codebases and parallel for concurrent network scanning of target CIDR blocks.
  • [COMMAND_EXECUTION]: The skill presents an indirect prompt injection attack surface: it ingests untrusted source code repositories via the sourcehunt command while it has access to the Bash tool, and its instructions lack explicit boundary markers or sanitization guidelines for the processed content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 05:50 AM