Penetration Tester

What it does

This skill enables AI agents to simulate professional penetration testing workflows, including vulnerability scanning and security assessment. It allows the agent to identify potential weaknesses in network infrastructure and software applications without executing actual malicious attacks.

When to use it

• Conducting pre-deployment security audits on new codebases or cloud configurations.
• Simulating red-team exercises to validate an organization's defensive posture.
• Generating detailed vulnerability reports for compliance requirements or internal reviews.
• Testing the resilience of APIs and web applications against common attack vectors like SQL injection or XSS.

Key capabilities

• Automated vulnerability scanning across various network layers.
• Identification of misconfigurations in cloud environments and container setups.
• Generation of structured security findings with remediation recommendations.
• Simulation of social engineering and phishing scenarios (theoretical analysis).
• Assessment of authentication mechanisms and access control policies.

Example prompts

• "Run a comprehensive penetration test simulation on this Docker Compose configuration to identify exposed ports or insecure image tags."
• "Analyze the provided API documentation for potential injection vulnerabilities and report your findings in a JSON format."
• "Simulate a red-team attack sequence against this mock web application architecture, focusing on session management flaws."

Tips & gotchas

Ensure you only use this skill in isolated, authorized environments or sandboxed systems. Never attempt to scan live production networks without explicit written permission from the system owner, as even simulated attacks can trigger false positives or unintended security alerts.