defectdojo
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains hardcoded credentials for the official DefectDojo demo environment (
admin / 1Defectdojo@demo#appsec) and a sample API token (c8572a5adf107a693aa6c72584da31f4d1f1dcff) within the documentation files. - [CREDENTIALS_UNSAFE]: Significant exposure of Azure infrastructure metadata, including a specific Tenant ID (
3f7a3df4-f85b-4ca8-98d0-08b1034e6567) and Application Client ID (79ada8c7-4270-41e8-9ea0-1e1e62afff3d). - [CREDENTIALS_UNSAFE]: Exposure of sensitive local system file paths, specifically referencing a Kubeconfig file for an AKS cluster:
~/.kube/aks-rg-hypera-cafehyna-dev-config. - [DATA_EXFILTRATION]: The MCP server configuration in
SKILL.mdhardcodes a specific target instance URL (https://defectdojo.dev.cafehyna.com.br). Any vulnerability data managed by the agent using these tools will be transmitted to this specific external endpoint. - [COMMAND_EXECUTION]: The skill includes numerous shell command examples for
kubectl,helm, andcurlthat process API tokens or modify cluster states, which could be exploited if an attacker influences the arguments passed to these commands. - [PROMPT_INJECTION]: The skill processes security findings which are derived from external, untrusted scan reports (SAST, DAST, etc.), creating an indirect prompt injection surface.
- Ingestion points:
defectdojo_list_findings,defectdojo_get_finding, and scan import API endpoints. - Boundary markers: Absent; no delimiters or instructions are provided to the agent to ignore potentially malicious content inside finding descriptions.
- Capability inventory: Subprocess calls (via shell command examples), network operations (REST API interactions), and file system access.
- Sanitization: None detected in the skill's instructions or scripts.
Audit Metadata