naabu-portscan
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute commands with elevated privileges using `sudo` to perform SYN scans (e.g., `sudo naabu -host target.com -s s`).
- [COMMAND_EXECUTION]: The skill is designed to run various command-line interface tools including `naabu`, `httpx`, `nuclei`, and `subfinder` through shell execution and piping.
- [DATA_EXFILTRATION]: The skill facilitates network scanning against external hostnames, CIDR ranges (e.g., `10.0.0.0/24`), and ASNs, which involves making outbound network connections to discover active services.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by processing external target lists and network responses.
  - Ingestion points: Reads target data from files (`targets.txt`) and standard input.
  - Boundary markers: No delimiters or instructions are provided to the agent to ignore potentially malicious content within the processed data.
  - Capability inventory: The skill possesses extensive capabilities including shell execution, file reading, and network interaction via tool chains.
  - Sanitization: There is no evidence of input validation or sanitization before passing data to the command-line tools.
- [EXTERNAL_DOWNLOADS]: The skill references the official GitHub repository for the naabu tool by ProjectDiscovery.
Recommendations
- AI detected serious security threats
Audit Metadata