ssh-penetration-testing

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several powerful CLI tools for network operations, including nmap for scanning, hydra and medusa for brute-force attacks, and nc for banner grabbing.
  • [CREDENTIALS_UNSAFE]: The instructions explicitly guide the agent to locate and attempt to use sensitive private key files from standard locations such as ~/.ssh/id_rsa, /root/.ssh/, and /etc/ssh/ssh_host_*_key.
  • [DATA_EXFILTRATION]: The skill includes patterns for using curl to fetch sensitive information (e.g., private keys) from external web servers, which could be used to retrieve or inadvertently expose credentials.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 05:17 PM
Security Audit — agent-trust-hub — ssh-penetration-testing