Skills
skills/chi111i/ctf-skills/ctf-writeup/Gen Agent Trust Hub

ctf-writeup

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses find and grep via bash to automatically search the local filesystem for challenge artifacts and flag patterns.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from the local environment.\n
  • Ingestion points: Content from files and scripts found in the current directory is read into the agent context during the information gathering phase (SKILL.md).\n
  • Boundary markers: The skill does not implement delimiters or instructions to treat ingested file content as untrusted data, increasing the risk of the agent obeying instructions hidden within challenge files.\n
  • Capability inventory: The execution environment permits high-privilege operations including Bash, Read, Write, Edit, and WebFetch.\n
  • Sanitization: There is no explicit sanitization or content validation performed on the files discovered before they are processed and incorporated into the final write-up template.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 02:12 PM