skills/mukul975/threatswarm/wordlists/Gen Agent Trust Hub

wordlists

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous templates for executing security tools (ffuf, hydra, crackmapexec, feroxbuster, cewl) via the Bash tool. These are standard commands for penetration testing and are aligned with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill uses environment variables ($URL, $DOMAIN, $TARGET, $USER, $PASS) to construct shell commands. While this is necessary for its function as a security utility, it creates a surface for indirect injection if the inputs are not properly sanitized by the underlying agent platform.
  • Ingestion points: User-provided variables ($URL, $DOMAIN, etc.) used in SKILL.md command templates.
  • Boundary markers: Absent; the skill does not include specific delimiters or sanitization instructions for these variables.
  • Capability inventory: Commands involve the Bash tool executing various CLI security utilities.
  • Sanitization: No explicit sanitization or validation logic is defined for the input parameters.
  • [EXTERNAL_DOWNLOADS]: Mentions a community password cracking rules repository on GitHub (NotSoSecure/password_cracking_rules) as a reference. This is an informative link to a common security resource and does not trigger automated execution.
  • [SAFE]: The Python scripts for corporate password generation and wordlist permutations are benign, local utility scripts that do not perform network operations or access sensitive system files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 07:58 AM
Security Audit — agent-trust-hub — wordlists