skills/mukul975/anthropic-cybersecurity-skills/conducting-network-penetration-test/Gen Agent Trust Hub
conducting-network-penetration-test
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/agent.pyscript utilizes thepython-nmaplibrary to perform automated network reconnaissance, including host discovery and service enumeration. These operations are within the stated scope of a penetration testing skill.\n- [EXTERNAL_DOWNLOADS]: The skill listspython-nmapas a Python dependency and references standard Nmap Scripting Engine (NSE) scripts (vulners,vulscan) for vulnerability identification. These are well-known resources in the security community.\n- [PROMPT_INJECTION]: The skill displays an indirect prompt injection surface as it processes external data from scanned services without rigorous sanitization.\n - Ingestion points:
scripts/agent.pyreads banner and service information from network-accessible targets.\n - Boundary markers: No delimiters or protective instructions are used when processing banner strings.\n
- Capability inventory: The agent has capabilities for network communication (scanning) and local file writing (reporting).\n
- Sanitization: The script converts script output to lower-case strings for keyword matching (e.g., 'critical', 'high') to categorize risks but does not interpret the data as instructions.
Audit Metadata