bluehammer-vulnerability-poc

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to clone an external, unverified repository from GitHub (https://github.com/Nightmare-Eclipse/BlueHammer.git).
  • [COMMAND_EXECUTION]: The skill contains instructions to use sudo to disable system-wide Address Space Layout Randomization (ASLR) via the /proc/sys/kernel/randomize_va_space interface, which significantly reduces the system's security posture.
  • [COMMAND_EXECUTION]: The skill suggests using sudo apt install to modify system software, which requires elevated privileges.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to compile and run C code fetched from a remote source. It specifically recommends using flags like -fno-stack-protector and -z execstack to disable compiler-level security mitigations.
  • [REMOTE_CODE_EXECUTION]: A Python test harness is included that utilizes subprocess.run to execute local binaries, providing a mechanism for running code with crafted payloads.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes and analyzes content from a third-party repository.
      • Ingestion points: Code and README files are ingested via git clone from the Nightmare-Eclipse/BlueHammer repository.
      • Boundary markers: Absent; the skill does not provide delimiters or instructions to the agent to disregard instructions potentially embedded within the downloaded code.
      • Capability inventory: The skill possesses extensive capabilities including C compilation (gcc), privileged command execution (sudo), and script execution (python3 with subprocess).
      • Sanitization: Absent; external data from the repository is analyzed and executed without prior sanitization or integrity verification beyond an optional PGP check.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 8, 2026, 09:32 AM