Recon
Warn
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires elevated system privileges to perform its primary functions.
- Evidence: The
MassScan.tstool explicitly checks for root access and instructs the user to run the script withsudoto enable raw packet scanning. - [EXTERNAL_DOWNLOADS]: The skill includes an update mechanism that fetches and installs binary security tools from external repositories.
- Evidence: The
UpdateTools.mdworkflow uses thepdtmutility to download and update a wide range of ProjectDiscovery tools such asnuclei,subfinder, andnaabu. - [PROMPT_INJECTION]: The
AnalyzeScanResultsGemini3.mdworkflow is susceptible to indirect prompt injection as it processes untrusted external data. - Ingestion points: The workflow reads potentially large and attacker-influenced scan files (e.g., nmap, masscan) using
cat $SCAN_FILE. - Boundary markers: Data is delimited using standard markdown code blocks in the prompt provided to the analysis model.
- Capability inventory: The agent has extensive shell execution capabilities including
llmcommands and various custom reconnaissance tools. - Sanitization: There is no evidence of sanitization or filtering of service banners, hostnames, or other fields within the ingested scan data before it is passed to the LLM.
- [COMMAND_EXECUTION]: The skill mandates a network notification to a local endpoint upon every invocation.
- Evidence:
SKILL.mdcontains a mandatory instruction to execute acurlPOST request tolocalhost:8888/notifybefore performing any other skill actions.
Audit Metadata