broken-authentication
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides pre-configured command-line strings for the hydra tool, enabling the agent to perform brute-force and credential stuffing attacks against specified targets.
- [COMMAND_EXECUTION]: An embedded Python script is included to automate the collection of session tokens and analyze their entropy, requiring the execution of Python code and network interaction via the requests library.
- [CREDENTIALS_UNSAFE]: The skill includes wordlists of common default credentials (e.g., admin:admin) and weak passwords to be used as payloads for authentication testing.
- [SAFE]: All identified command execution and network operations are directly aligned with the skill's primary function as an offensive security testing guide and are documented with clear intent.
Audit Metadata