hunt-brute-force
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains multiple Bash scripts and Python one-liners for security testing. These commands utilize standard system utilities like curl, awk, seq, shuf, and python3 to automate vulnerability detection tasks.
- [EXTERNAL_DOWNLOADS]: The methodology requires making repeated network requests to external domains using curl to test for rate-limiting and brute-force protections. This is a core part of the skill's intended functionality.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing data from untrusted external web servers.
- Ingestion points: External server responses are fetched and analyzed in multiple sections of SKILL.md (e.g., Phases 1, 3, and 5).
- Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to treat external content as untrusted data.
- Capability inventory: The execution environment allows for shell command execution, network access, and local file operations.
- Sanitization: No validation or sanitization is applied to the content received from target servers before it is processed by the agent.
Audit Metadata