coordination
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It ingests untrusted data from multiple sources, including local source code (Phase P1) and external web content via research triggers (P2b). This content is distilled into a RESEARCH_BRIEF or MISSION_OBJECTIVE and interpolated directly into the prompts of Executor agents. The instructions lack explicit sanitization or strong boundary markers to prevent malicious instructions embedded in the analyzed data from influencing the agent's logic or PoC generation.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic execution of locally generated scripts. The Executor agent is tasked with writing a
poc.pyfile, which the Validator agent is then required to execute (Phase 4.5) to confirm findings. While this is a core function for a pentest coordination skill, it creates a vector where a compromised or misled Executor could generate and trigger the execution of malicious Python code. - [COMMAND_EXECUTION]: The skill orchestrates the use of various powerful command-line tools for security testing, including the Impacket suite (e.g., secretsdump.py, ticketer.py), nmap, and curl. It also executes local utility scripts such as
tools/nvd-lookup.py. - [EXTERNAL_DOWNLOADS]: The skill is designed to fetch security payloads from the PayloadsAllTheThings repository on GitHub. These downloads are directed toward a well-known community resource to facilitate automated testing missions.
Audit Metadata