skills/mukul975/anthropic-cybersecurity-skills/performing-thick-client-application-penetration-test/Gen Agent Trust Hub
performing-thick-client-application-penetration-test
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate resource for security professionals to conduct authorized assessments of thick client applications.
- [COMMAND_EXECUTION]: The
SKILL.mdfile contains various command-line examples (PowerShell, Bash) for using standard security tools likednSpy,Procmon, andfrida. These are provided as instructional references for manual execution by the tester. - [DATA_EXFILTRATION]: The provided Python scripts (
scripts/agent.py,scripts/process.py) scan local directories, configuration files, and databases for sensitive data patterns. This behavior is consistent with the skill's purpose of identifying insecure data storage and does not involve any external network communication or exfiltration. - [PROMPT_INJECTION]: The skill ingests untrusted data from binaries and local databases for analysis, which represents a surface for indirect prompt injection. Ingestion points:
scripts/agent.py(binary strings and SQLite databases) andscripts/process.py(binaries and config files). Boundary markers: Not present. Capability inventory: Local file system read access and environment variable access. Sanitization:scripts/agent.pyimplements regex-based allow-listing for database table names before query execution.
Audit Metadata