coercing-authentication-with-coercer-petitpotam

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py acts as a wrapper for external CLI tools (coercer and PetitPotam.py). It utilizes subprocess.run with a list of arguments, which is a secure practice that prevents shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md and references/api-reference.md files provide instructions for downloading security tools from reputable GitHub repositories (e.g., p0dalirius/Coercer, topotam/PetitPotam, fortra/impacket). These references are documented neutrally for the purpose of setting up the testing environment.
  • [CODE_QUALITY]: The orchestrator script includes basic environment checks using shutil.which to ensure required tools are present before attempting execution, improving reliability and preventing unexpected failures.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:04 AM
Security Audit — agent-trust-hub — coercing-authentication-with-coercer-petitpotam