conducting-network-penetration-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs harvesting, documenting, and showing credentials (e.g., "tomcat:tomcat", SNMP community "public", captured credentials with Mimikatz) and includes examples where secrets are embedded in commands and PoC output, which would require the agent to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content explicitly instructs and automates offensive actions—remote code execution (reverse shells, malicious WAR deployment, Meterpreter), credential theft (Mimikatz, pass‑the‑hash, credential harvesting), lateral movement/pivoting, and exploitation workflows—which are deliberate offensive/backdoor patterns that can be readily abused if used without authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill actively ingests untrusted, third‑party network/service content — e.g., banner and script outputs from arbitrary targets via scripts/agent.py functions (port_scan, vulnerability_scan, smb_enumeration, dns_enumeration) and SKILL.md/reference instructs correlating Nmap script output with Exploit-DB/NVD findings and using public PoCs — and those inputs are parsed and used to classify vulnerabilities and drive exploitation actions, so external content can materially influence the agent's decisions.