hunt-nosqli
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes 'pip3 install' to download and install 'nosqlmap' from the public PyPI registry.
- [COMMAND_EXECUTION]: The instructions involve executing shell commands such as 'curl' to interact with remote APIs and using bash loops to automate data exfiltration techniques.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection (Category 8) when processing responses from external targets.
- Ingestion points: Data from untrusted external servers is ingested into the agent context via 'curl' output (e.g., in Phase 4).
- Boundary markers: No delimiters or protective instructions are used to differentiate target data from the agent's logic.
- Capability inventory: The skill utilizes shell execution, network access, and package installation.
- Sanitization: The skill does not perform any sanitization or validation of the data retrieved from the remote target prior to the agent processing it.
Audit Metadata