
nuclei-scan

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the Nuclei scanner from the official ProjectDiscovery GitHub repository using the Go toolchain (go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest).
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the nuclei command-line tool for security scanning, template updates, and report generation across various formats (JSON, Markdown, SARIF).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process data from external, untrusted web targets during vulnerability scans.
  • Ingestion points: Untrusted data enters the agent context through target URLs passed to the -u flag and bulk target lists passed to the -l flag in SKILL.md.
  • Boundary markers: There are no explicit markers or instructions provided to the agent to treat scan results as untrusted content.
  • Capability inventory: The skill provides full access to the nuclei scanner's capabilities, including network requests and file writing for reports.
  • Sanitization: The skill instructions do not specify any sanitization or validation of the scanner's output before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:49 PM
Security Audit — agent-trust-hub — nuclei-scan