gogo-scan
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation provides numerous shell commands for the agent to execute, including network port scanning, service identification, and asset discovery using the gogo utility.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests unvalidated data from external network targets during the fingerprinting process.
  - Ingestion points: Network service responses, banners, and HTTP headers collected from scanned targets.
  - Boundary markers: No delimiters or boundary markers are used to isolate external data from the instruction context.
  - Capability inventory: The skill can execute shell commands for scanning and data processing.
  - Sanitization: There is no evidence that tool outputs are sanitized or validated before subsequent commands in the pipeline process them.